A security issue was found in QEMU. The new '-o xattrmap' option in virtiofsd-5.2.0 causes some cases in which the 'security.capability' xattr in the guest isn't dropped on write, potentially leading to a modified privileged executable. For the problem to happen virtiofsd needs to be running with '-o xattr' and '-o xattrmap' (to enable and rename xattrs, respectively). The problem only occurs if 'security.capability' is one of the xattrs that is being renamed. Different caching modes cause different guest behavior: '-o cache=none' makes the issue easy to reproduce but it may also occur with '-o cache=auto' as well.
A security issue was found in QEMU. The new '-o xattrmap' option in virtiofsd-5.2.0 causes some cases in which the 'security.capability' xattr in the guest isn't dropped on write, potentially leading to a modified privileged executable. For the problem to happen virtiofsd needs to be running with '-o xattr' and '-o xattrmap' (to enable and rename xattrs, respectively). The problem only occurs if 'security.capability' is one of the xattrs that is being renamed. Different caching modes cause different guest behavior: '-o cache=none' makes the issue easy to reproduce but it may also occur with '-o cache=auto' as well.
https://bugzilla.redhat.com/show_bug.cgi?id=1933668