CVE-2023-0664

Published: Mar 29, 2023

Modified: Feb 18, 2025

PUBLISHED

Description

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.

Vendor	Product	Versions
n/a	QEMU	affected `unknown`

Weaknesses (CWE)

CWE-250

References

https://bugzilla.redhat.com/show_bug.cgi?id=2167423

https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg01445.html

https://gitlab.com/qemu-project/qemu/-/commit/88288c2a51faa7c795f053fc8b31b1c16ff804c5

https://gitlab.com/qemu-project/qemu/-/commit/07ce178a2b0768eb9e712bb5ad0cf6dc7fcf0158

FEDORA-2023-e5a35f7197

vendor-advisory

https://security.netapp.com/advisory/ntap-20230517-0005/

FEDORA-2023-68df3f4b02

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-0664

Description

Affected Products

Weaknesses (CWE)

References