Improper Preservation of Permissions

CVE-2021-20263

Severity Low
Score 3.3/10

Summary

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU 5.2.0-rc0 before 6.0.0-rc0. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.

  • LOW
  • LOCAL
  • LOW
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • NONE

CWE-281 - Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Advisory Timeline

  • Published