A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.
| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 3.3 | Low | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| Product | Vendor | Version |
|---|---|---|
| Fedora | Fedora | Version 1703 for x64-based Systems |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 6 | Red Hat | n/a |
| Red Hat Enterprise Linux 7 | Red Hat | 32-bit Systems |
| Red Hat Enterprise Linux 7 | Red Hat | Version 1511 for x64-based Systems |
| Red Hat Enterprise Linux 8 Advanced Virtualization | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | < publication |
| qemu | n/a | < 10.0.19044.1889 |