CVE-2021-20263

Description:
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.

CWE: CWE-281

CVSS score
CVSS 2: LOW – 2.1 (Version: 2.0)
CVSS 3: LOW – 3.3 (Version: 3.1)

Links:

NVD – CVE-2021-20263
CVE – CVE-2021-20263

Link (max. 20) Source Tags
https://www.openwall.com/lists/oss-security/2021/03/08/1 MISC Mailing List Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1933668 MISC Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20210507-0002/ CONFIRM Patch Vendor Advisory
[ranger-dev] 20210317 [jira] [Created] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295 MLIST Mailing List Third Party Advisory
[ranger-dev] 20210317 [jira] [Assigned] (RANGER-3209) Upgrade netty to 4.1.60+ due to CVE-2021-21290 and CVE-2021-21295 MLIST Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r57245853c7245baab09eae08728c52b58fd77666538092389cc3e882@%3Ccommits.servicecomb.apache.org%3E MISC Mailing List Third Party Advisory
https://lists.apache.org/thread.html/rb523bb6c60196c5f58514b86a8585c2069a4852039b45de3818b29d2@%3Ccommits.servicecomb.apache.org%3E MISC Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r490ca5611c150d193b320a2608209180713b7c68e501b67b0cffb925@%3Ccommits.servicecomb.apache.org%3E MISC Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r6d32fc3cd547f7c9a288a57c7f525f5d00a00d5d163613e0d10a23ef@%3Ccommits.servicecomb.apache.org%3E MISC Mailing List Third Party Advisory
[pulsar-commits] 20210329 [GitHub] [pulsar] yaswanthnadella opened a new issue #10071: CVE-2021-21295 & CVE-2021-21290 MLIST Third Party Advisory VDB Entry
[pulsar-commits] 20210329 [GitHub] [pulsar] aahmed-se opened a new pull request #10073: Upgrade Netty version to 4.1.60.final MLIST Mailing List Third Party Advisory
[pulsar-commits] 20210329 [GitHub] [pulsar] merlimat closed issue #10071: CVE-2021-21295 & CVE-2021-21290 MLIST Third Party Advisory VDB Entry
[bookkeeper-issues] 20210330 [GitHub] [bookkeeper] eolivelli opened a new issue #2669: Update Netty to 4.1.60.final MLIST Third Party Advisory
[zookeeper-issues] 20210330 [jira] [Updated] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295 MLIST Mailing List Third Party Advisory
[zookeeper-issues] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295 MLIST Third Party Advisory
[kafka-jira] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295 MLIST
[zookeeper-dev] 20210330 [jira] [Created] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295 MLIST
[kafka-dev] 20210330 [jira] [Created] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295 MLIST
[kafka-jira] 20210330 [jira] [Updated] (KAFKA-12583) Upgrade of netty-codec due to CVE-2021-21295 MLIST
[zookeeper-issues] 20210331 [jira] [Commented] (ZOOKEEPER-4272) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21295 MLIST

Source: NVD – CVE-2021-20263
Publication date: 2021-03-09T18:15Z, Last modified: 2021-05-07T05:15Z