CVE-2023-1386 — Improper Preservation of Permissions in Qemu

CWE-281 — Improper Preservation of Permissions CWE-1386 — Insecure Operation on Windows Junction / Mount Point CWE-59 — Link Following6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 96.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Vagrant Fedoraproject Fedora Debian Qemu

Timeline

PublishedJul 24

Latest updateOct 28

Description

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/qemu

▶Gogithub.com/hashicorp_vagrant< 2.4.0

Also affects: Fedora 38

🔴Vulnerability Details

GHSA

HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability↗2023-10-28

▶

OSV

CVE-2023-1386: A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU↗2023-07-24

▶

GHSA

GHSA-ppj8-867g-rgjr: A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU↗2023-07-24

▶

📋Vendor Advisories

Red Hat

QEMU: 9pfs: SUID/SGID bits not dropped on file write↗2023-03-07

▶

Debian

CVE-2023-1386: qemu - A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU....↗2023

▶