Overwrite host files via insufficient permission checks in wasmtime-wasi
Summary
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite host files exposed as FilePerms::READ through wasip1, wasip2, or wasip3 filesystem interfaces. This issue is fixed in versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1. This Moderate-impact flaw in Wasmtime allows a malicious WebAssembly System Interface (WASI) guest to overwrite host files. By exploiting insufficient permission checks during hard-link and rename operations, a guest with read-only file capabilities can modify host files that are exposed with read permissions through WASI filesystem interfaces. This could lead to data integrity issues on the host system. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N). Weakness: CWE-280. Affected Red Hat products: Red Hat Connectivity Link 1; Red Hat Enterprise Linux 10; Red Hat Hardened Images. Red Hat does not currently list a fixing RHSA for this CVE.
- < 24.0.11
- < 36.0.12
- < 45.0.3
- < 46.0.1
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- 24.0.11
- 36.0.12
- 45.0.3
- 46.0.1
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.