CVE-2023-1386

Qemu: 9pfs: suid/sgid bits not dropped on file write

Published: 7/24/2023 Last updated: 9/25/2024 Reserved: 3/14/2023

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	3.3	Low	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (9)

Product	Vendor	Version
Fedora	Fedora	<= 5.10.*
Extra Packages for Enterprise Linux	Fedora	<= 5.15.*
Red Hat Enterprise Linux 9	Red Hat	< 4.2
Red Hat Enterprise Linux 6	Red Hat	< fb0f1c5eb8d60b3e018ba7c87da249b52674ebe6
Red Hat Enterprise Linux 7	Red Hat	< db728a891f9177b044aaca89b678f6b5e24d5cc3
Red Hat Enterprise Linux 7	Red Hat	< 54cf47da0c7532d151d76e5d63f5936191698c44
Red Hat Enterprise Linux 8 Advanced Virtualization	Red Hat	4.2
Red Hat Enterprise Linux 8	Red Hat	< b131fa8c1d2afd05d0b7598621114674289c2fbb
qemu	n/a	< 54c1e0e3bbcab2abe25b2874a43050ae5df87831

CVE-2023-1386

Qemu: 9pfs: suid/sgid bits not dropped on file write

Metrics

Opam packages affected (2)

Products affected (9)

References (20)