CVE-2017-15038

Published: Oct 9, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update

mailing-list

x_refsource_MLIST

DSA-4213

vendor-advisory

x_refsource_DEBIAN

[qemu-devel] 20171004 Re: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr

mailing-list

x_refsource_MLIST

USN-3575-1

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20171006 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-15038

Description

Affected Products

References