CVE-2023-2861 Information

Description

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.

Reference

https://access.redhat.com/security/cve/CVE-2023-2861 https://bugzilla.redhat.com/show_bug.cgi?id=2219266