CVE-2016-9602

Summary

Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

Affected Software

VendorProductVersion RangeStatus
unspecifiedQemuqemu 2.9affected

Weaknesses

  • CWE-59: CWE-59

ADP Enrichment

CVE Program Container

Additional References

References