CVE-2022-0358
Published 2022-08-29
High · 7.8 · CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qemu | < qemu 1:7.0+dfsg-1 (bookworm) | qemu 1:7.0+dfsg-1 (bookworm) |
| msrc | azl3_qemu_6.2.0-18_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_qemu_6.2.0-5_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_qemu-kvm_4.2.0-48_on_cbl_mariner_1.0 | — | — |
| qemu | qemu | < 6.2.0-7 | 6.2.0-7 |
| qemu | qemu | >= 0 < 1:5.2+dfsg-11+deb11u2 | 1:5.2+dfsg-11+deb11u2 |
| qemu | qemu | >= 0 < 1:7.0+dfsg-1 | 1:7.0+dfsg-1 |
| qemu | qemu | >= 0 < 1:7.0+dfsg-1 | 1:7.0+dfsg-1 |
| qemu | qemu | >= 0 < 1:7.0+dfsg-1 | 1:7.0+dfsg-1 |
| qemu | qemu | >= 0 < 1:2.11+dfsg-1ubuntu7.39 | 1:2.11+dfsg-1ubuntu7.39 |
| qemu | qemu | >= 0 < 1:2.11+dfsg-1ubuntu7.40 | 1:2.11+dfsg-1ubuntu7.40 |
| qemu | qemu | >= 0 < 1:4.2-3ubuntu6.21 | 1:4.2-3ubuntu6.21 |
| qemu | qemu | >= 0 < 1:4.2-3ubuntu6.23 | 1:4.2-3ubuntu6.23 |
| qemu | qemu | >= 0 < 1:6.2+dfsg-2ubuntu6.2 | 1:6.2+dfsg-2ubuntu6.2 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd · v3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv · 7.8 HIGH
Microsoft
vendor_msrc·2022-08-09·CVSS 7.8
CVE-2022-0358 [HIGH] CWE-273
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is th
Ubuntu
QEMU vulnerabilities
vendor_ubuntu·2022-06-21·CVSS 6.1
CVE-2022-26354 [MEDIUM] QEMU vulnerabilities
Title: QEMU vulnerabilities
Summary: Several security issues were fixed in QEMU.
Alexander Bulekov discovered that QEMU incorrectly handled floppy disk
emulation. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly leak
sensitive information. (CVE-2021-3507)
It was discovered that QEMU incorrectly handled NVME controller emulation.
An attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2021-3929)
It was discovered that QEMU incorrectly handled QXL display device
emulation. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a deni
Ubuntu
QEMU vulnerabilities
vendor_ubuntu·2022-02-28·CVSS 6.5
CVE-2021-3544 [MEDIUM] QEMU vulnerabilities
Title: QEMU vulnerabilities
Summary: Several security issues were fixed in QEMU.
Gaoning Pan discovered that QEMU incorrectly handled the floppy disk
emulator. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2021-20196)
Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly
handled certain values. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203)
It was discovered that the QEMU vhost-user GPU device contained several
security issues. An attacker inside the guest could use these issues to
cause QEMU to crash, resulting in a denial of service, leak sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubun
Red Hat
QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
vendor_redhat·2022-01-25·CVSS 7.8
CVE-2022-0358 [HIGH] CWE-273 QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
Debian
CVE-2022-0358: qemu - A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) imp...
vendor_debian·2022·CVSS 7.8
CVE-2022-0358 [HIGH] CVE-2022-0358: qemu - A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) imp...
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
Scope: local
bookworm: resolved (fixed in 1:7.0+dfsg-1)
bullseye: resolved (fixed in 1:5.2+dfsg
GHSA
GHSA-mv2v-9q68-4c8h: A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation
ghsa_unreviewed·2022-08-29·CVSS 7.8
CVE-2022-0358 [HIGH] CWE-273 GHSA-mv2v-9q68-4c8h: A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
OSV
CVE-2022-0358: A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation
osv·2022-08-29·CVSS 7.8
CVE-2022-0358 [HIGH] CVE-2022-0358: A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
OSV
qemu vulnerabilities
osv·2022-06-21·CVSS 6.1
CVE-2021-3507 [MEDIUM] qemu vulnerabilities
Alexander Bulekov discovered that QEMU incorrectly handled floppy disk
emulation. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly leak
sensitive information. (CVE-2021-3507)
It was discovered that QEMU incorrectly handled NVME controller emulation.
An attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2021-3929)
It was discovered that QEMU incorrectly handled QXL display device
emulation. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-
OSV
qemu vulnerabilities
osv·2022-02-28·CVSS 6.5
CVE-2021-20196 [MEDIUM] qemu vulnerabilities
Gaoning Pan discovered that QEMU incorrectly handled the floppy disk
emulator. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2021-20196)
Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly
handled certain values. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203)
It was discovered that the QEMU vhost-user GPU device contained several
security issues. An attacker inside the guest could use these issues to
cause QEMU to crash, resulting in a denial of service, leak sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)
It w
https://access.redhat.com/security/cve/CVE-2022-0358
https://bugzilla.redhat.com/show_bug.cgi?id=2044863
https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
https://security.netapp.com/advisory/ntap-20221007-0008/
Published: 2022-08-29