A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new ‚xattrmap‘ option may cause the ’security.capability‘ xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.
CVSS 2: LOW – 2.1 (Version: 2.0)
CVSS 3: LOW – 3.3 (Version: 3.1)
Quelle: NVD – CVE-2021-20263
Datum Veröffentlichung: 2021-03-09T18:15Z, Datum letzte Änderung: 2021-05-07T05:15Z