What is CVE-2023-1386?

CVE-2023-1386 is a low-severity vulnerability in Fedora Extra Packages For Enterprise Linux, classified under Improper Preservation of Permissions. CVSS score: 3.3/10. Published 2023-07-24.

How severe is CVE-2023-1386?

Low severity. CVSS v3 base score is 3.3 out of 10.

Vulnerability in Fedora Extra Packages For Enterprise Linux

CVE-2023-1386

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumst…

EPSS: 0.000 (4.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Weakness classification (CWE)

CWE-281 — Improper Preservation of Permissions

References

access.redhat.com/security/cve/CVE-2023-1386 (vdb-entry, x_refsource_REDHAT)
RHBZ#2223985 (issue-tracking, x_refsource_REDHAT)
github.com/advisories/GHSA-ppj8-867g-rgjr
github.com/v9fs/linux/issues/29
security.netapp.com/advisory/ntap-20230831-0005/

Frequently asked questions

What is CVE-2023-1386?: CVE-2023-1386 is a low-severity vulnerability in Fedora Extra Packages For Enterprise Linux, classified under Improper Preservation of Permissions. CVSS score: 3.3/10. Published 2023-07-24.
How severe is CVE-2023-1386?: Low severity. CVSS v3 base score is 3.3 out of 10.