Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-16872

A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.

Published

2018-12-13T21:29:00.260

Last Modified

2024-11-21T03:53:29.810

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-367
Type: Secondary
CWE-367

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qemu	qemu	≤ 3.1.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	fedoraproject	fedora	29	Yes
Operating System	fedoraproject	fedora	30	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Operating System	canonical	ubuntu_linux	18.10	Yes
Operating System	opensuse	leap	42.3	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html Mailing List, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/106212 Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16872 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/ Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/ Third Party Advisory ([email protected])
https://seclists.org/bugtraq/2019/May/76 Mailing List, Third Party Advisory ([email protected])
https://usn.ubuntu.com/3923-1/ Third Party Advisory ([email protected])
https://www.debian.org/security/2019/dsa-4454 Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00042.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/106212 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16872 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJMTVGDLA654HNCDGLCUEIP36SNJEKK7/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/May/76 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3923-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2019/dsa-4454 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)