Wind River Support Network

HomeDefectsLIN9-6804

Fixed

LIN9-6804 : Security Advisory - qemu - CVE-2016-9602

Created: May 2, 2018 Updated: Dec 3, 2018

Resolved Date: Sep 19, 2018

Found In Version: 9.0.0.15

Fix Version: 9.0.0.18

Severity: Standard

Applicable for: Wind River Linux 9

Component/s: Userspace

Description

Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.

https://nvd.nist.gov/vuln/detail/CVE-2016-9602

Other Downloads

Wind River Linux 9.0.0.18
Wind River Linux 9.0.0.19
Wind River Linux 9.0.0.20
Wind River Linux 9.0.0.21
Wind River Linux 9.0.0.22
Wind River Linux 9.0.0.23
Wind River Linux 9.0.0.24
Wind River Linux 9.0.0.25
Wind River Linux 9.0.0.26

CVEs

CVE-2016-9602