{"id":"CVE-2020-35517","details":"A flaw was found in QEMU. A host privilege escalation issue was found in the virtio-fs shared file system daemon, where a privileged guest user is able to create a device special file in the shared directory and use it to gain read/write access to host devices.","modified":"2026-04-11T16:25:26.140474Z","published":"2021-01-28T20:15:12.913Z","related":["ALSA-2021:0711"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202208-27"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210312-0002/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1915823"},{"type":"FIX","url":"https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c"},{"type":"FIX","url":"https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html"},{"type":"FIX","url":"https://www.openwall.com/lists/oss-security/2021/01/22/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qemu/qemu","events":[{"introduced":"0"},{"fixed":"ebf101955ce8f8d72fba103b5151115a4335de2c"}]},{"type":"GIT","repo":"https://github.com/qemu/qemu","events":[{"introduced":"0"},{"fixed":"ebf101955ce8f8d72fba103b5151115a4335de2c"}]}],"versions":["v0.1.0","v0.1.1","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.11.0-rc0","v0.12.0-rc0","v0.13.0-rc0","v0.14.0-rc0","v0.2.0","v0.3.0","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.5.0","v1.0","v1.0-rc0","v1.0-rc1","v1.0-rc2","v1.0-rc3","v1.0-rc4","v1.1-rc0","v1.1-rc1","v1.1-rc2","v1.1.0","v1.1.0-rc2","v1.1.0-rc3","v1.1.0-rc4","v1.2.0","v1.2.0-rc0","v1.2.0-rc1","v1.2.0-rc2","v1.2.0-rc3","v1.3.0","v1.3.0-rc0","v1.3.0-rc1","v1.3.0-rc2","v1.4.0","v1.4.0-rc0","v1.4.0-rc1","v1.4.0-rc2","v1.5.0","v1.5.0-rc0","v1.5.0-rc1","v1.5.0-rc2","v1.5.0-rc3","v1.6.0","v1.6.0-rc0","v1.6.0-rc1","v1.6.0-rc2","v1.6.0-rc3","v1.7.0","v1.7.0-rc0","v1.7.0-rc1","v1.7.0-rc2","v2.0.0","v2.0.0-rc0","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.1.0","v2.1.0-rc0","v2.1.0-rc1","v2.1.0-rc2","v2.1.0-rc3","v2.1.0-rc4
","v2.1.0-rc5","v2.10.0","v2.10.0-rc0","v2.10.0-rc1","v2.10.0-rc2","v2.10.0-rc3","v2.10.0-rc4","v2.11.0","v2.11.0-rc0","v2.11.0-rc1","v2.11.0-rc2","v2.11.0-rc3","v2.11.0-rc4","v2.11.0-rc5","v2.12.0","v2.12.0-rc0","v2.12.0-rc1","v2.12.0-rc2","v2.12.0-rc3","v2.12.0-rc4","v2.2.0","v2.2.0-rc0","v2.2.0-rc1","v2.2.0-rc2","v2.2.0-rc3","v2.2.0-rc4","v2.2.0-rc5","v2.3.0","v2.3.0-rc0","v2.3.0-rc1","v2.3.0-rc2","v2.3.0-rc3","v2.3.0-rc4","v2.4.0","v2.4.0-rc0","v2.4.0-rc1","v2.4.0-rc2","v2.4.0-rc3","v2.4.0-rc4","v2.5.0","v2.5.0-rc0","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.0-rc4","v2.6.0","v2.6.0-rc0","v2.6.0-rc1","v2.6.0-rc2","v2.6.0-rc3","v2.6.0-rc4","v2.6.0-rc5","v2.7.0","v2.7.0-rc0","v2.7.0-rc1","v2.7.0-rc2","v2.7.0-rc3","v2.7.0-rc4","v2.7.0-rc5","v2.8.0","v2.8.0-rc0","v2.8.0-rc1","v2.8.0-rc2","v2.8.0-rc3","v2.8.0-rc4","v2.9.0","v2.9.0-rc0","v2.9.0-rc1","v2.9.0-rc2","v2.9.0-rc3","v2.9.0-rc4","v2.9.0-rc5","v3.0.0","v3.0.0-rc0","v3.0.0-rc1","v3.0.0-rc2","v3.0.0-rc3","v3.0.0-rc4","v3.1.0","v3.1.0-rc0","v3.1.0-rc1","v3.1.0-rc2","v3.1.0-rc3","v3.1.0-rc4","v3.1.0-rc5","v4.0.0","v4.0.0-rc0","v4.0.0-rc1","v4.0.0-rc2","v4.0.0-rc3","v4.0.0-rc4","v4.1.0","v4.1.0-rc0","v4.1.0-rc1","v4.1.0-rc2","v4.1.0-rc3","v4.1.0-rc4","v4.1.0-rc5","v4.2.0","v4.2.0-rc0","v4.2.0-rc1","v4.2.0-rc2","v4.2.0-rc3","v4.2.0-rc4","v4.2.0-rc5","v5.0.0","v5.0.0-rc0","v5.0.0-rc1","v5.0.0-rc2","v5.0.0-rc3","v5.0.0-rc4","v5.1.0","v5.1.0-rc0","v5.1.0-rc1","v5.1.0-rc2","v5.1.0-rc3"],"database_specific":{"vanir_signatures":[{"target":{"file":"tools/virtiofsd/passthrough_ll.c"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["249749509298499509584371485767556501466","12711853182023023152205651908599103558","315258729476991449674869043710353997190","204019443791831233187732787701240963246","170281510680235729371742125984515929753","164659170381731676902561706733556640937","232319948962351838979387671832972659832","305079778107006734855590619604593284998","393058941127549257400
96762295168641077","276082376246000913282875299855255613144","328343706111384061994435901361595455341","219949455046928206170238000331014219943","334406337309450458704185951770503366463","293021897631797332104993338272819609744","252115674339640699162879098670850943968","228219910060695848906093012538773541096","87754294341068678992578734537544486060","160818454510647963155754149517232177224","151192488196935969072428520761013750325","123848594727535638370897045815574337890","308896583069880168843792207651436176354","59516531585813507903925809805615056773","292321622711020180722545376535975169506","43572313762544356283118112557704711241","88010914881750275784855363694378048531","8486564251605823966445302371346450272","46847805536993130047683615076577617922","252675941779889596571296404674957564794","137994728785694869779579950183260600928","238561854233320159021238617870068070754"]},"id":"CVE-2020-35517-13be68d5","source":"https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c","deprecated":false},{"target":{"function":"setup_namespaces","file":"tools/virtiofsd/passthrough_ll.c"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"190598348096459599034904182258331633617","length":1732},"id":"CVE-2020-35517-8c795e23","source":"https://github.com/qemu/qemu/commit/ebf101955ce8f8d72fba103b5151115a4335de2c","deprecated":false}],"unresolved_ranges":[{"events":[{"introduced":"5.0.0"},{"last_affected":"5.2.50"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35517.json","vanir_signatures_modified":"2026-04-11T16:25:26Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}]}