exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2022-0358

Status Candidate

Overview

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.

Related Files

Ubuntu Security Notice USN-5489-1
Posted Jun 21, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5489-1 - Alexander Bulekov discovered that QEMU incorrectly handled floppy disk emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak sensitive information. It was discovered that QEMU incorrectly handled NVME controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3507, CVE-2021-3929, CVE-2022-0358, CVE-2022-26353, CVE-2022-26354
SHA-256 | 5e7afcf473dc350167fc86323143e719c2f4a10a84ed04040691851b4e79d4b6
Debian Security Advisory 5133-1
Posted May 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5133-1 - Multiple security issues were discovered in QEMU, a fast processor emulator, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2021-4206, CVE-2021-4207, CVE-2022-0358, CVE-2022-26353, CVE-2022-26354
SHA-256 | 57990d647a23586c852204bc219b23e57c397992ca00db3c856fe2e4844ce6d4
Red Hat Security Advisory 2022-0971-01
Posted Mar 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0971-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-0358, CVE-2022-0485
SHA-256 | e0172eabb0bff4bd40800e07cc360c2ad20abbdbb8f21b9a802a577f6ff8bf97
Red Hat Security Advisory 2022-0973-01
Posted Mar 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0973-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-0358
SHA-256 | 67e782c7e79ed0b94a3980575dbe5a80344c76be79c06747974950a2c882747d
Red Hat Security Advisory 2022-0949-01
Posted Mar 17, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0949-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a privilege escalation vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-0358, CVE-2022-0485
SHA-256 | 00bbedfca2719402988db3dae344606e583bd998eeab1e6422935f31fa12ce35
Red Hat Security Advisory 2022-0886-01
Posted Mar 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0886-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-0358
SHA-256 | 233b392bce4cf385c62694ef3ac9f66d9814eaaf34f2b3f051c48a2d7c1e1510
Red Hat Security Advisory 2022-0759-01
Posted Mar 8, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0759-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include a privilege escalation vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2022-0358
SHA-256 | 6f828294aa6a99310c545d9e148b3d1ba0a2c006adc731924bcca8f448f87c47
Ubuntu Security Notice USN-5307-1
Posted Feb 28, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5307-1 - Gaoning Pan discovered that QEMU incorrectly handled the floppy disk emulator. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly handled certain values. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. It was discovered that the QEMU vhost-user GPU device contained several security issues. An attacker inside the guest could use these issues to cause QEMU to crash, resulting in a denial of service, leak sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 21.10.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-20196, CVE-2021-20203, CVE-2021-3546, CVE-2021-3682, CVE-2021-3713, CVE-2021-3748, CVE-2021-3930, CVE-2021-4158, CVE-2022-0358
SHA-256 | 93c74c6aff190d655abe77b615cbb1fdb9e7fd27501547e3980eeee5e03af9e9
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close