Privilege escalation in QEMU



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-5088
CWE-ID CWE-662
Exploitation vector Local
Public exploit N/A
Vulnerable software
 QEMU
Client/Desktop applications / Virtualization software

Vendor QEMU

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper synchronization

EUVDB-ID: #VU85827

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-5088

CWE-ID: CWE-662 - Improper Synchronization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper synchronization, which causes guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead. An L2 guest with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor can read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

QEMU: All versions

CPE2.3 External links

https://bugzilla.redhat.com/show_bug.cgi?id=2247283
https://access.redhat.com/security/cve/CVE-2023-5088
https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/
https://security.netapp.com/advisory/ntap-20231208-0005/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###