Bugzilla – Bug 1117279
VUL-1: CVE-2018-19489: xen: QEMU: 9pfs: crash due to race condition in renaming files
Last modified: 2022-02-13 11:39:43 UTC
+++ This bug was initially created as a clone of Bug #1117275 +++ rh#1653156 A use-after-free flaw was found in the VirtFS, host directory sharing via Plan 9 File System(9pfs) support in QEMU. It could occur due to a race condition while renaming files on a shared host directory. A user inside guest could use this flaw to crash the QEMU process resulting in DoS issue. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html Reference: ---------- -> https://www.openwall.com/lists/oss-security/2018/11/26/1 References: https://bugzilla.redhat.com/show_bug.cgi?id=1653156 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19489 http://seclists.org/oss-sec/2018/q4/182 https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
9pfs is not enabled in the xen qemu