Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged
Permalink CVE-2023-1386
3.3 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months, 1 week ago
Suid/sgid bits not dropped on file write

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.

References

Affected products

qemu
qemu-kvm
qemu-kvm-ma
virt:av/qemu-kvm
virt:rhel/qemu-kvm

Matching in nixpkgs

pkgs.qemu

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_kvm

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_xen

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-user

QEMU User space emulator - launch executables compiled for one CPU on another CPU

  • nixos-unstable -

pkgs.qemu_full

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu_test

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-utils

Generic and open source machine emulator and virtualizer

  • nixos-unstable -

pkgs.qemu-python-utils

Python tooling used by the QEMU project to build, configure, and test QEMU

Package maintainers