CVE-2023-2861 Overview
CVE-2023-2861 is a flaw in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side. A malicious guest client can create and open a device file inside the shared folder to escape the exported 9p tree. This breaks the isolation boundary between guest and host, exposing host-side devices to unauthorized access from within the virtualized environment. The flaw is tracked under [CWE-284] (Improper Access Control) and affects deployments that rely on QEMU's 9pfs for sharing host directories with guests.
Critical Impact
A local authenticated guest user can break out of the exported 9p directory and access host device files, compromising host confidentiality and integrity.
Affected Products
- QEMU (qemu:qemu) — versions with the 9p passthrough filesystem feature enabled
- Red Hat Enterprise Linux distributions shipping vulnerable QEMU builds
- Debian LTS QEMU packages (see Debian advisory)
Discovery Timeline
- 2023-12-06 - CVE-2023-2861 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2023-2861
Vulnerability Analysis
The 9p protocol allows a QEMU guest to mount a host directory through the virtio-9p or virtfs passthrough backend. The passthrough security model preserves UNIX file semantics on the host. The server-side 9pfs code in QEMU did not restrict the types of files a client could create and open. A guest can issue a Tmknod request to create a character or block device node inside the shared export. When the guest subsequently opens that node, the host honors the device major and minor numbers. This grants the guest direct read and write access to host devices such as /dev/mem, raw disks, or other privileged interfaces. The integrity and confidentiality impact extends beyond the exported tree to the entire host system.
Root Cause
The root cause is missing access control on file types accepted by the 9pfs server. The server treated device nodes as ordinary files and forwarded open() calls without filtering. Improper access control is classified under [CWE-284]. The fix requires the server to refuse opening non-regular, non-directory inodes on the host side.
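The check described above, sketched in Python as an added example (this is not QEMU's code or its patch): a file server's open path that inspects the inode type before opening and refuses anything other than a regular file or directory. The helper name `open_checked`, the `ENXIO` error code and the constructed sample tree are assumptions of this example; it is Linux-only and needs `/proc` mounted.

```python
import errno
import os
import stat
import tempfile

def open_checked(dir_fd, name, flags):
    """Open name relative to dir_fd, refusing special files (hypothetical helper)."""
    # O_PATH returns a handle to the inode without opening it: no device
    # driver runs and a FIFO cannot block. O_NOFOLLOW means a symlink as
    # the last path component is not followed.
    probe = os.open(name, os.O_PATH | os.O_NOFOLLOW, dir_fd=dir_fd)
    try:
        mode = os.fstat(probe).st_mode
        if not (stat.S_ISREG(mode) or stat.S_ISDIR(mode)):
            # ENXIO is this example's choice of error code.
            raise OSError(errno.ENXIO, "special file refused", name)
        # Reopen the inode that was just checked through /proc rather than
        # resolving the name again, so it cannot be swapped in between.
        return os.open(f"/proc/self/fd/{probe}", flags)
    finally:
        os.close(probe)

def demo():
    """Constructed tree: a regular file, a symlink and a FIFO. The FIFO
    stands in for a device node, since creating one needs root."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "data.txt"), "w") as fh:
            fh.write("ok")
        os.mkfifo(os.path.join(root, "pipe"))
        os.symlink("/dev/null", os.path.join(root, "link"))
        dir_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
        try:
            for name in ("data.txt", "pipe", "link"):
                try:
                    fd = open_checked(dir_fd, name, os.O_RDONLY)
                    results[name] = os.read(fd, 16).decode()
                    os.close(fd)
                except OSError as exc:
                    results[name] = errno.errorcode[exc.errno]
        finally:
            os.close(dir_fd)
    return results

if __name__ == "__main__":
    print(demo())  # {'data.txt': 'ok', 'pipe': 'ENXIO', 'link': 'ENXIO'}
```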
Attack Vector
Exploitation requires local access inside the guest with privileges to create files in the 9p-mounted directory. The attacker calls mknod() from the guest to instantiate a device node in the shared folder. The 9pfs server creates the corresponding device file on the host. The attacker then opens the node and issues read() or write() syscalls to interact with the underlying host device. No host-side user interaction is required. See the Red Hat CVE-2023-2861 Advisory for additional technical context.
Detection Methods for CVE-2023-2861
Indicators of Compromise
- Unexpected device nodes (character or block) appearing inside directories exported via QEMU 9pfs on the host filesystem.
- Audit log entries showing mknod() syscalls from QEMU processes against shared 9p export paths.
- Guest-originated open() operations on device files within the 9p shared tree.
Detection Strategies
- Monitor host inodes under the 9p export root for file types other than regular files, directories, and symbolic links.
- Enable Linux audit rules on the QEMU process to capture mknod, mknodat, and openat syscalls touching the export path.
- Correlate guest VM activity with host-side filesystem changes inside shared directories to flag anomalous device creation.
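One way to implement the first strategy on a hypervisor host, as an added example that is not part of the original advisory: walk an export root without following symlinks, report every inode that is not a regular file, directory or symbolic link, and check whether the covering mount carries `nodev`. The function names and the sample mountinfo text are constructed for this example; the export path is the one used on this page.

```python
import os
import stat
import sys

KINDS = {stat.S_IFCHR: "char", stat.S_IFBLK: "block",
         stat.S_IFIFO: "fifo", stat.S_IFSOCK: "socket"}

def scan_export(root):
    """List inodes under root that are not regular files, dirs or symlinks."""
    findings, root_dev = [], os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        # Do not cross into other filesystems (same idea as find -xdev).
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow guest-planted symlinks
            kind = KINDS.get(stat.S_IFMT(st.st_mode))
            if kind:
                # For device nodes, record which host device is targeted.
                is_dev = kind in ("char", "block")
                dev = (os.major(st.st_rdev), os.minor(st.st_rdev)) if is_dev else None
                findings.append({"path": path, "kind": kind, "dev": dev})
    return findings

def mount_has_nodev(path, mountinfo):
    """True if the mount covering path carries nodev (mountinfo text given)."""
    best, opts = "", ""
    for line in mountinfo.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        mnt = fields[4].replace("\\040", " ")  # mountinfo escapes spaces
        if path == mnt or path.startswith(mnt.rstrip("/") + "/"):
            if len(mnt) >= len(best):
                best, opts = mnt, fields[5]
    return "nodev" in opts.split(",")

# Constructed sample of /proc/self/mountinfo (not taken from a real host).
SAMPLE_MOUNTINFO = """\
25 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
41 25 8:17 / /srv/qemu/9p-export rw,nosuid,nodev,relatime shared:20 - ext4 /dev/sdb1 rw
"""

if __name__ == "__main__":
    root = os.path.realpath(sys.argv[1] if len(sys.argv) > 1 else ".")
    with open("/proc/self/mountinfo") as fh:
        print("nodev on export mount:", mount_has_nodev(root, fh.read()))
    print(*scan_export(root), sep="\n")
```

Run it with the export root as the only argument; any finding with kind `char` or `block` is the indicator listed above, and the `dev` pair identifies the host device the node points at.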
Monitoring Recommendations
- Log and alert on QEMU virtfs or virtio-9p configuration changes on hypervisor hosts.
- Track package versions of QEMU across the fleet and compare against the patched versions listed in vendor advisories.
- Forward hypervisor audit and syslog data to a centralized analytics platform for retention and correlation.
How to Mitigate CVE-2023-2861
Immediate Actions Required
- Apply vendor-supplied QEMU updates from Red Hat, Debian, or NetApp as listed in the references below.
- Inventory all hypervisors using virtfs or virtio-9p passthrough and prioritize patching them first.
- Restrict guest users from gaining the privileges needed to invoke mknod() inside the shared filesystem.
Patch Information
Vendors have shipped fixed QEMU packages addressing CVE-2023-2861. Refer to the Red Hat CVE-2023-2861 Advisory, Red Hat Bug Report #2219266, Debian LTS Security Announcement, NetApp Security Advisory NTAP-20240125-0005, and NetApp Security Advisory NTAP-20240229-0002 for distribution-specific fixed versions.
Workarounds
- Disable QEMU 9p passthrough where it is not strictly required and use alternative sharing mechanisms such as virtiofs.
- Mount the host export directory with the nodev option so device nodes inside the export are not honored by the kernel.
- Place 9p exports on a dedicated filesystem owned by an unprivileged user to limit the scope of any host-side device creation.
```bash
# Configuration example: mount export with nodev to neutralize device nodes
mount -o remount,nodev /srv/qemu/9p-export
# Verify no unexpected device files exist in the export
find /srv/qemu/9p-export -xdev \( -type c -o -type b \) -print
```


