Bug 2167423 (CVE-2023-0664)

Summary: CVE-2023-0664 QEMU: local privilege escalation via the QEMU Guest Agent on Windows
Product: [Other] Security Response Reporter: Mauro Matteo Cascella <mcascell>
Component: vulnerabilityAssignee: Yvugenfi <yvugenfi>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ailan, ddepaula, haoliu, jferlan, kkostiuk, knoel, mdean, virt-maint, vrozenfe, yvugenfi
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: qemu-kvm 8.0.0-rc0 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2167436, 2168242, 2175700, 2178028    
Bug Blocks: 2156568    

Description Mauro Matteo Cascella 2023-02-06 15:30:33 UTC 
A privilege escalation vulnerability was found in the QEMU Guest Agent service for Windows. A local unprivileged user is able to manipulate the QEMU Guest Agent's Windows installer (via repair custom actions) to elevate their privileges to the SYSTEM account within the guest.

Note: this is not a VM escape flaw, meaning that it does *not* allow a malicious user to break out of the guest. It affects Windows VMs using virtio-win drivers with QEMU Guest Agent installed in the guest.
Comment 4 Mauro Matteo Cascella 2023-02-21 08:56:02 UTC 
Upstream patch:
https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg01445.html
Comment 5 Mauro Matteo Cascella 2023-02-21 09:22:49 UTC 
Technical details: The cached installer for QEMU Guest Agent in c:\windows\installer (https://github.com/qemu/qemu/blob/master/qga/installer/qemu-ga.wxs) , can be leveraged to begin a repair of the installation without validation that the repair is being performed by an administrative user. The MSI repair custom action "RegisterCom" and "UnregisterCom" is not set for impersonation which allows for the actions to occur as the SYSTEM account (LINE 137 AND 145 of qemu-ga.wxs). The custom action also leverages cmd.exe to run qemu-ga.exe in line 134 and 142 which causes an interactive command shell to spawn even though the MSI is set to be non-interactive on line 53.

Red Hat would like to thank Brian Wiltse for reporting this issue.
Comment 6 Mauro Matteo Cascella 2023-03-06 11:17:29 UTC 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 2175700]
Comment 7 Mauro Matteo Cascella 2023-03-13 11:06:43 UTC 
Upstream commits:
https://gitlab.com/qemu-project/qemu/-/commit/88288c2a51faa7c795f053fc8b31b1c16ff804c5
https://gitlab.com/qemu-project/qemu/-/commit/07ce178a2b0768eb9e712bb5ad0cf6dc7fcf0158