CVE 2021-20181
A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
Related bugs and status
CVE-2021-20181 (Candidate) is related to these bugs:
Bug #1887535: build operates differently if source is a git repo
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1887535 | build operates differently if source is a git repo | qemu (Ubuntu) | Low | Fix Released | ||
| 1887535 | build operates differently if source is a git repo | qemu (Ubuntu Groovy) | Low | Fix Released | ||
| 1887535 | build operates differently if source is a git repo | qemu (Ubuntu Bionic) | Low | New | ||
| 1887535 | build operates differently if source is a git repo | qemu (Ubuntu Focal) | Low | Fix Released | ||
| 1887535 | build operates differently if source is a git repo | qemu (Ubuntu Hirsute) | Low | Fix Released | ||
Bug #1911666: ZDI-CAN-10904: QEMU Plan 9 File System TOCTOU Privilege Escalation Vulnerability
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1911666 | ZDI-CAN-10904: QEMU Plan 9 File System TOCTOU Privilege Escalation Vulnerability | QEMU | Undecided | Fix Released | ||
Bug #1914145: Please merge liburing 0.7-3 (main) from Debian unstable (main)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1914145 | Please merge liburing 0.7-3 (main) from Debian unstable (main) | liburing (Ubuntu) | Wishlist | Fix Released | ||
| 1914145 | Please merge liburing 0.7-3 (main) from Debian unstable (main) | mpd (Ubuntu) | Wishlist | Fix Released | ||
| 1914145 | Please merge liburing 0.7-3 (main) from Debian unstable (main) | plocate (Ubuntu) | Wishlist | Fix Released | ||
| 1914145 | Please merge liburing 0.7-3 (main) from Debian unstable (main) | qemu (Ubuntu) | Wishlist | Fix Released | ||
| 1914145 | Please merge liburing 0.7-3 (main) from Debian unstable (main) | samba (Ubuntu) | Wishlist | Fix Released | ||
Bug #1916230: [Ubuntu 21.04] QEMU is missing virtio-9p-ccw
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1916230 | [Ubuntu 21.04] QEMU is missing virtio-9p-ccw | qemu (Ubuntu) | Medium | Fix Released | ||
| 1916230 | [Ubuntu 21.04] QEMU is missing virtio-9p-ccw | Ubuntu on IBM z Systems | Medium | Fix Released | ||
Bug #1916705: glib2.0 >=2.67.3 breaks include from an extern C context
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1916705 | glib2.0 >=2.67.3 breaks include from an extern C context | qemu (Ubuntu) | Undecided | Fix Released | ||
| 1916705 | glib2.0 >=2.67.3 breaks include from an extern C context | glib2.0 (Ubuntu) | Undecided | Fix Released | ||
| 1916705 | glib2.0 >=2.67.3 breaks include from an extern C context | ukui-control-center (Ubuntu) | Undecided | Fix Released | ||
| 1916705 | glib2.0 >=2.67.3 breaks include from an extern C context | open-vm-tools (Ubuntu) | Undecided | Fix Released | ||
| 1916705 | glib2.0 >=2.67.3 breaks include from an extern C context | wireshark (Ubuntu) | Undecided | Fix Released | ||
Bug #1921664: QEMU coroutines fail with LTO on non-x86_64 architectures
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1921664 | QEMU coroutines fail with LTO on non-x86_64 architectures | qemu (Ubuntu) | Medium | Fix Released | ||
| 1921664 | QEMU coroutines fail with LTO on non-x86_64 architectures | qemu (Fedora) | Medium | Confirmed | ||
| 1921664 | QEMU coroutines fail with LTO on non-x86_64 architectures | qemu (Ubuntu Jammy) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
