Race condition in QEMU - CVE-2017-15038
Published: May 30, 2018
Vulnerability identifier: #VU13050
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-15038
CWE-ID: CWE-362
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: QEMU
Affected software:
QEMU
QEMU
Detailed vulnerability description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists due to race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator). An adjacent attacker can obtain sensitive information from host heap memory via vectors related to reading extended attributes.
The weakness exists due to race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator). An adjacent attacker can obtain sensitive information from host heap memory via vectors related to reading extended attributes.
How to mitigate CVE-2017-15038
Install update from vendor's website.