CVE-2022-0358

QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.

Se ha encontrado un fallo en la implementación del demonio del sistema de archivos compartidos de QEMU virtio-fs (virtiofsd). Este fallo está estrictamente relacionado con CVE-2018-13405. Un usuario invitado local puede crear archivos en los directorios compartidos por virtio-fs con propiedad de grupo no intencionada en un escenario en el que un directorio es SGID a un determinado grupo y es escribible por un usuario que no es miembro del grupo. Esto podría permitir a un usuario malicioso no privilegiado dentro del huésped conseguir acceso a recursos accesibles al grupo root, escalando potencialmente sus privilegios dentro del huésped. Un usuario local malicioso en el huésped también podría aprovechar este archivo ejecutable no esperado creado por el huésped para escalar sus privilegios en el sistema huésped

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-25 CVE Reserved
2022-02-28 CVE Published
2023-03-08 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-273: Improper Check for Dropped Privileges

CAPEC

References (4)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20221007-0008	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=2044863	2022-03-21
https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca	2022-12-09

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-0358	2022-03-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qemu Search vendor "Qemu"		Qemu Search vendor "Qemu" for product "Qemu"				< 6.2.0-7 Search vendor "Qemu" for product "Qemu" and version " < 6.2.0-7"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		advanced_virtualization		Affected