CVE-2023-1386

Qemu: 9pfs: suid/sgid bits not dropped on file write

Description

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.

References

Link	Tags
https://access.redhat.com/security/cve/CVE-2023-1386	third party advisory vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2223985	third party advisory issue tracking
https://github.com/advisories/GHSA-ppj8-867g-rgjr
https://github.com/v9fs/linux/issues/29
https://security.netapp.com/advisory/ntap-20230831-0005/

Frequently Asked Questions

What is the severity of CVE-2023-1386?: CVE-2023-1386 has been scored as a low severity vulnerability.
How to fix CVE-2023-1386?: To fix CVE-2023-1386, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-1386 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-1386 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-1386?: CVE-2023-1386 affects n/a qemu, Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8 Advanced Virtualization, Red Hat Red Hat Enterprise Linux 9, Fedora Fedora, Fedora Extra Packages for Enterprise Linux.

Description

Category

CWE-281 – Improper Preservation of Permissions

References

Frequently Asked Questions