vulnerability
Ubuntu: USN-3923-1 (CVE-2018-16867): QEMU vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:M/Au:N/C:P/I:P/A:P) | Dec 12, 2018 | Apr 3, 2019 | Aug 18, 2025 |
Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
Dec 12, 2018
Added
Apr 3, 2019
Modified
Aug 18, 2025
Description
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When the guest device is mounted in read-write mode, this allows to read/write arbitrary files which may lead do DoS scenario OR possibly lead to code execution on the host.
Solutions
ubuntu-upgrade-qemu-systemubuntu-upgrade-qemu-system-armubuntu-upgrade-qemu-system-dataubuntu-upgrade-qemu-system-guiubuntu-upgrade-qemu-system-mipsubuntu-upgrade-qemu-system-miscubuntu-upgrade-qemu-system-ppcubuntu-upgrade-qemu-system-s390xubuntu-upgrade-qemu-system-sparcubuntu-upgrade-qemu-system-x86
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.