P J P
2018-12-06 09:08:32 UTC
Hello,
A flaw was found in qemu Media Transfer Protocol (MTP). A path traversal in
the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper
filename sanitization. When the guest device is mounted in read-write mode,
this allows to read/write arbitrary files which may lead do DoS scenario OR
possibly lead to code execution on the host.
Upstream patch:
---------------
-> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html
This issue was reported by Michael Hanselmann of hansmi.ch.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
A flaw was found in qemu Media Transfer Protocol (MTP). A path traversal in
the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper
filename sanitization. When the guest device is mounted in read-write mode,
this allows to read/write arbitrary files which may lead do DoS scenario OR
possibly lead to code execution on the host.
Upstream patch:
---------------
-> https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html
This issue was reported by Michael Hanselmann of hansmi.ch.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F