CVE-2023-1386 LOW

CVE-2023-1386: Qemu: 9pfs: suid/sgid bits not dropped on file write

Vendor N/A
Product qemu
Weakness CWE-281
Published July 24, 2023
Last update September 25, 2024

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.

Key dates

02Disclosure timeline

July 24, 2023 CVE published
September 25, 2024 Record updated