A flaw was found in qemu Media Transfer Protocol (MTP). A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
Name: Michael Hanselmann (hansmi.ch)
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1656746]