Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.
CVSS Information
N/A
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
QEMU 安全漏洞
Vulnerability Description
QEMU是法国程序员法布里斯-贝拉(Fabrice Bellard)所研发的一套模拟处理器软件。Media Transfer Protocol(MTP)是其中的一个媒体传输协议。 QEMU中的MTP存在安全漏洞。攻击者可利用该漏洞在QEMU进程的上下文中导航主机文件系统,进而读取该进程可访问的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A