CVE-2023-0664

Published: 3/29/2023 Last updated: 2/18/2025 Reserved: 2/3/2023

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7.8	High	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (0)

No product listed.

References (14)

https://bugzilla.redhat.com/show_bug.cgi?id=2167423
https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg01445.html
https://gitlab.com/qemu-project/qemu/-/commit/88288c2a51faa7c795f053fc8b31b1c16ff804c5
https://gitlab.com/qemu-project/qemu/-/commit/07ce178a2b0768eb9e712bb5ad0cf6dc7fcf0158
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEOC7SRJWLZSXCND2ADFW6C76ZMTZLE4/
https://security.netapp.com/advisory/ntap-20230517-0005/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/
https://bugzilla.redhat.com/show_bug.cgi?id=2167423
https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg01445.html
https://gitlab.com/qemu-project/qemu/-/commit/88288c2a51faa7c795f053fc8b31b1c16ff804c5
https://gitlab.com/qemu-project/qemu/-/commit/07ce178a2b0768eb9e712bb5ad0cf6dc7fcf0158
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEOC7SRJWLZSXCND2ADFW6C76ZMTZLE4/
https://security.netapp.com/advisory/ntap-20230517-0005/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/