摘要:
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This issue allows a malicious user to trigger CVE-2018-13405 to obtain sensitive information or potentially escalate their privileges on the system.
安全等级: Low
公告ID: KylinSec-SA-2022-1631
发布日期: 2022年7月28日
关联CVE: CVE-2022-0358
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This issue allows a malicious user to trigger CVE-2018-13405 to obtain sensitive information or potentially escalate their privileges on the system.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|
