A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qemu qemu |
||
qemu qemu 1.5.0 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
novell open desktop server 11.0 |
||
novell open enterprise server 11.0 |