Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. Upstream patches: ----------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/05/17/6
Acknowledgments: Name: Leo Gaspard
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1451711]