qemu/hw
Christian Schoenebeck 52200a311a 9pfs: prevent opening special files (CVE-2023-2861)
The 9p protocol does not specifically define how the server shall behave when
a client tries to open a special file; however, from a security POV it does
make sense for a 9p server to prohibit opening any special file on the host
side in general. A sane Linux 9p client for instance would never attempt to
open a special file on the host side, it would always handle those exclusively
on its guest side. A malicious client however could potentially escape
from the exported 9p tree by creating and opening a device file on the host
side.

With QEMU this could only be exploited in the following unsafe setups:

  - Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough'
    security model.

or

  - Using 9p 'proxy' fs driver (which is running its helper daemon as
    root).

These setups were already discouraged for safety reasons before,
however for obvious reasons we are now tightening behaviour on this.

Fixes: CVE-2023-2861
Reported-by: Yanwu Shen <ywsPlz@gmail.com>
Reported-by: Jietao Xiao <shawtao1125@gmail.com>
Reported-by: Jinku Li <jkli@xidian.edu.cn>
Reported-by: Wenbo Shen <shenwenbo@zju.edu.cn>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-Id: <E1q6w7r-0000Q0-NM@lizzy.crudebyte.com>
Signed-off-by: zeng_chi <zengchi@kylinos.cn>
2024-03-18 16:43:45 +08:00
9pfs 9pfs: prevent opening special files (CVE-2023-2861) 2024-03-18 16:43:45 +08:00
acpi acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block 2023-07-26 09:04:22 +00:00
adc New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
alpha New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
arm New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
audio New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
avr New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
block New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
char New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
core New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
cpu New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
cris New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
cxl New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
display hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion 2024-01-06 09:33:11 +08:00
dma New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
gpio New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
hppa New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
hyperv New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
i2c New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
i386 set default machine type to be microvm if CONFIG_MICROVM is defined 2022-11-09 22:24:21 +08:00
ide hw/ide: reset: cancel async DMA operation before resetting state 2024-02-04 17:13:45 +08:00
input New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
intc New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
ipack New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
ipmi New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
isa New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
loongarch New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
m68k New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
mem New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
microblaze New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
mips New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
misc New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
net net: tulip: Restrict DMA engine to memories 2022-11-09 22:24:24 +08:00
nios2 New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
nubus New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
nvme hw/nvme: fix missing cq eventidx update 2023-10-30 09:28:53 +08:00
nvram New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
openrisc New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
pci New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
pci-bridge New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
pci-host New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
pcmcia New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
ppc New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
rdma [PATCH v3] hw/pvrdma: Protect against buggy or malicious guest driver 2022-11-09 22:24:24 +08:00
remote New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
riscv New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
rtc New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
rx New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
s390x New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
scsi hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) 2023-09-25 14:25:01 +08:00
sd New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
sensor New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
sh4 New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
smbios New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
sparc New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
sparc64 New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
ssi a few spelling fixes for the visible strings in binaries 2022-11-09 22:24:23 +08:00
timer New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
tpm New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
tricore New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
usb New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
vfio New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
virtio !5 virtio: add a new vcpu watchdog 2023-07-26 08:54:30 +00:00
watchdog New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
xen New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
xenpv New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
xtensa New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
Kconfig New upstream version 7.1.0 2022-11-03 14:19:34 +08:00
meson.build New upstream version 7.1.0 2022-11-03 14:19:34 +08:00