Security Advisory

CVE-2021-20263

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-09 17:17:43

Last updated 2024-08-03 17:37:23

Assigner redhat

State PUBLISHED

Description

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new xattrmap option may cause the security.capability xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.

← Browse all CVEs View on cve.org ↗