CVE-2022-0358 — Improper Check for Dropped Privileges in Qemu
Severity
7.8 HIGH (NVD)
OSV 6.5, OSV 6.1
EPSS
0.0%
top 89.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 29
Description
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentiall…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 4 packages
Also affects: Enterprise Linux 8.0
🔴 Vulnerability Details (5)
GHSA
GHSA-mv2v-9q68-4c8h: A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation (2022-08-29)
OSV
CVE-2022-0358: A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation (2022-08-29)
CVEList
CVE-2022-0358: A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation (2022-08-29)
📋 Vendor Advisories (5)
Microsoft
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories sha (2022-08-09)
Debian
CVE-2022-0358: qemu - A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) imp... (2022)