CVE-2023-1386

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 24, 2023

Updated: Apr 17, 2024

CWE ID 281

Summary

CVE-2023-1386 is a vulnerability affecting the 9p passthrough filesystem (9pfs) implementation in QEMU. If a local user in the guest creates an executable file with SUID or SGID privileges, these bits are not dropped properly. In rare situations, this issue could enable malicious guests to escalate their privileges within the guest system. Moreover, an attacker could potentially use this flaw to assist a host user in elevating their privileges on the host machine.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

QEMU
Fedora Operating System

Affected Vendors

Qemu
Fedora Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sDNoZC
https://www.cve.org/CVERecord?id=CVE-2023-1386
https://nvd.nist.gov/vuln/detail/CVE-2023-1386

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Measuring the US-China AI Gap

Know What Matters

For Customers

For Partners