CVE-2023-1386

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-1386

CGA ID

CGA-qjgx-fw7r-vqj4

Severity

7.8

High

CVSS V3

Description

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.

References

https://images.chainguard.dev/security/CGA-qjgx-fw7r-vqj4
https://github.com/advisories/GHSA-ppj8-867g-rgjr
https://security.netapp.com/advisory/ntap-20230831-0005/
https://bugzilla.redhat.com/show_bug.cgi?id=2223985
https://github.com/v9fs/linux/issues/29
https://access.redhat.com/security/cve/CVE-2023-1386
https://security-tracker.debian.org/tracker/CVE-2023-1386

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2023-1386

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources