N/A

A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.

N/A

使用共享资源的并发执行不恰当同步问题(竞争条件)

QEMU 安全漏洞

QEMU（又名Quick Emulator）是法国程序员法布里斯-贝拉（Fabrice Bellard）所研发的一套模拟处理器软件。该软件具有速度快、跨平台等特点。 QEMU 3.1.0之前版本中的媒体传输协议存在安全漏洞，该漏洞源于程序没有正确地对用户名进行过滤。攻击者可利用该漏洞写入和读取任意文件，造成拒绝服务或可能在主机上执行代码。

N/A

N/A