Improper Preservation of Permissions
CVE-2021-20263
Summary
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU versions from 5.2.0-rc0 up to, but not including, 6.0.0-rc0. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest not to be dropped on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, a malicious user could use this flaw to elevate their privileges within the guest.
- LOW
- LOCAL
- LOW
- UNCHANGED
- NONE
- LOW
- NONE
- NONE
CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
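A triage check for the exposure condition in the summary (affected version and 'xattrmap' in use), added here as an example and not taken from the advisory or from QEMU. It assumes upstream version strings in the notation the summary uses and virtiofsd options passed through `-o`; the function names and sample command lines are constructed for illustration.

```python
import re
import shlex

# Affected range as stated in the advisory: 5.2.0-rc0 <= version < 6.0.0-rc0.
FIRST_AFFECTED, FIRST_FIXED = "5.2.0-rc0", "6.0.0-rc0"
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?$")


def version_key(version):
    """Sort key in which a release candidate orders before its final release."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised upstream QEMU version: {version!r}")
    major, minor, micro, rc = m.groups()
    rc_rank = int(rc) if rc is not None else float("inf")  # final > any -rcN
    return (int(major), int(minor), int(micro), rc_rank)


def in_affected_range(version):
    return version_key(FIRST_AFFECTED) <= version_key(version) < version_key(FIRST_FIXED)


def uses_xattrmap(cmdline):
    """True if a virtiofsd command line passes the xattrmap option via -o."""
    argv = shlex.split(cmdline)
    for i, arg in enumerate(argv):
        if arg == "-o" and i + 1 < len(argv):
            opts = argv[i + 1]          # "-o name=value[,name=value...]"
        elif arg.startswith("-o") and len(arg) > 2:
            opts = arg[2:]              # "-oname=value"
        else:
            continue
        if re.search(r"(?:^|,)xattrmap=", opts):
            return True
    return False


def assess(version, cmdline):
    if not in_affected_range(version):
        return "not affected"
    return "exposed" if uses_xattrmap(cmdline) else "affected version, xattrmap unused"


if __name__ == "__main__":
    # Constructed sample inventory: (upstream version, virtiofsd command line).
    samples = [
        ("5.2.0", "virtiofsd --socket-path=/tmp/vfs.sock -o source=/srv/share "
                  "-o xattr -o xattrmap=:map::user.virtiofs.:"),
        ("5.2.0-rc4", "virtiofsd --socket-path=/tmp/vfs.sock -o source=/srv/share,xattr"),
        ("6.0.0-rc0", "virtiofsd -o source=/srv/share -o xattrmap=:map::user.virtiofs.:"),
    ]
    for version, cmdline in samples:
        print(f"{version:10} {assess(version, cmdline)}")
```

Distribution packages may carry a backported fix under an older version number, so treat the range check as covering upstream builds only.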