Qemu: 9pfs: suid/sgid bits not dropped on file write
CVE-2023-1386

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Qemu; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 24 July 2023

Summary

An identified flaw in QEMU's 9p passthrough filesystem (9pfs) enables local users within a guest to manipulate executable files with SUID or SGID without proper restrictions on these privileged bits. In specific scenarios, this vulnerability can be exploited by malicious individuals in the guest environment, facilitating unauthorized privilege elevation within the guest and potentially impacting the host system's security.

References

https://access.redhat.com/security/cve/CVE-2023-1386

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2223985

issue-trackingx_refsource_REDHAT

https://github.com/advisories/GHSA-ppj8-867g-rgjr

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2023
Vulnerability Reserved
Mar 14, 2023

Collectors

NVD DatabaseMitre Database