CVE-2023-1386

🗓️ 24 Jul 2023 15:19:25Reported by redhatType

Flaw in 9pfs implementation in QEMU allows local guest users to elevate privilege

Reporter	Title	Published	Views	Family All 23
ATTACKERKB	CVE-2023-1386	24 Jul 202316:15	–	attackerkb
AlpineLinux	CVE-2023-1386	24 Jul 202315:19	–	alpinelinux
Circl	CVE-2023-1386	24 Jul 202320:26	–	circl
CNNVD	QEMU 安全漏洞	24 Jul 202300:00	–	cnnvd
CNVD	QEMU elevation of privilege vulnerability (CNVD-2023-61011)	30 Jul 202300:00	–	cnvd
Cvelist	CVE-2023-1386 Qemu: 9pfs: suid/sgid bits not dropped on file write	24 Jul 202315:19	–	cvelist
Debian CVE	CVE-2023-1386	24 Jul 202315:19	–	debiancve
EUVD	EUVD-2023-23642	3 Oct 202520:07	–	euvd
NVD	CVE-2023-1386	24 Jul 202316:15	–	nvd
OSV	AZL-27767 CVE-2023-1386 affecting package qemu 6.2.0-26	24 Jul 202316:15	–	osv

NVD

Node

qemu qemu

Node

fedoraproject fedoraMatch38

[
  {
    "product": "qemu",
    "vendor": "n/a",
    "defaultStatus": "affected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm-ma",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:rhel/qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "virt:av/qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:advanced_virtualization:8::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "qemu-kvm",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "product": "Fedora",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "qemu",
    "defaultStatus": "affected"
  },
  {
    "product": "Extra Packages for Enterprise Linux",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "qemu",
    "defaultStatus": "unaffected"
  }
]

Source	Link
github	www.github.com/v9fs/linux/issues/29
security	www.security.netapp.com/advisory/ntap-20230831-0005/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/advisories/GHSA-ppj8-867g-rgjr
access	www.access.redhat.com/security/cve/CVE-2023-1386

21 Nov 2024 07:39Current

4.6Medium risk

Vulners AI Score4.6

CVSS 3.13.3 - 7.8

EPSS0.00017

SSVC

CWE-281