In a particular scenario where virtio-fs is used for networked file sharing and one of the guest’s files is created with unintended group ownership, a malicious user in the guest who is not a member of the group that the file belongs to can take advantage of this flaw to escalate their privileges on the host system.
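An added example, not from the advisory or the QEMU project: a host-side audit of a directory shared over virtio-fs that flags regular files whose group the owning user does not belong to, which is the ownership mismatch described above. It assumes guest and host share the same uid/gid numbering (no ID mapping); the function names and the path argument are hypothetical.

```python
import os
import pwd
import grp
import stat
import sys

def owner_groups(uid):
    """Return the set of gids the account with this uid belongs to."""
    try:
        pw = pwd.getpwuid(uid)
    except KeyError:
        return set()  # uid unknown on this host: member of nothing
    gids = {pw.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if pw.pw_name in g.gr_mem)
    return gids

def is_unintended_group(mode, uid, gid, groups_of=owner_groups):
    """True for a regular file whose group its owner is not a member of.
    Files owned by root (uid 0) are skipped: root may chgrp to any group."""
    if not stat.S_ISREG(mode) or uid == 0:
        return False
    return gid not in groups_of(uid)

def scan(root, groups_of=owner_groups):
    """Walk root; return (path, uid, gid, setgid_exec) for each flagged file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow guest-created symlinks
            if is_unintended_group(st.st_mode, st.st_uid, st.st_gid, groups_of):
                # setgid plus group-execute is the privilege-relevant case
                sgid_exec = bool(st.st_mode & stat.S_ISGID) and bool(st.st_mode & stat.S_IXGRP)
                findings.append((path, st.st_uid, st.st_gid, sgid_exec))
    return findings

if __name__ == "__main__":
    # Hypothetical usage: pass the host path of the shared directory.
    for finding in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Findings with the last field set to `True` deserve review first, since a setgid executable in a group its owner does not belong to runs with that group's rights.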
A race condition flaw was found in the way QEMU’s CD driver handled the disc queue. An attacker in the guest could use this flaw to issue a command to bypass access restrictions. The issue only affects versions of QEMU from 1.1 through 2.9. A race condition was found in the way QEMU's CD-ROM emulation handled CD-ROM drives with more than one vendor emulation. An attacker in the guest could use this flaw to issue a command to bypass access restrictions. The issue only affects versions of QEMU from 1.1 through 2.9.
References
CVE-2022-0358 CVE-2022-0359
Timeline
Published on: 08/29/2022 15:15:00 UTC
Last modified on: 10/07/2022 14:16:00 UTC
References
- https://access.redhat.com/security/cve/CVE-2022-0358
- https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
- https://bugzilla.redhat.com/show_bug.cgi?id=2044863
- https://security.netapp.com/advisory/ntap-20221007-0008/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0358