vulnerability

Alma Linux: CVE-2022-0358: Moderate: virt:rhel and virt-devel:rhel security update (ALSA-2022-0886)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Mar 15, 2022	May 4, 2022	Jan 28, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Mar 15, 2022

Added

May 4, 2022

Modified

Jan 28, 2025

Description

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.

Solution(s)

alma-upgrade-libiscsialma-upgrade-libiscsi-develalma-upgrade-libiscsi-utilsalma-upgrade-libvirt-dbusalma-upgrade-netcfalma-upgrade-netcf-develalma-upgrade-netcf-libsalma-upgrade-qemu-guest-agentalma-upgrade-qemu-imgalma-upgrade-qemu-kvmalma-upgrade-qemu-kvm-block-curlalma-upgrade-qemu-kvm-block-glusteralma-upgrade-qemu-kvm-block-iscsialma-upgrade-qemu-kvm-block-rbdalma-upgrade-qemu-kvm-block-sshalma-upgrade-qemu-kvm-commonalma-upgrade-qemu-kvm-corealma-upgrade-sgabiosalma-upgrade-sgabios-bin

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today