Vmxnet3 device emulator bug in processing transmit queue in QEMU - #VU319
Published: August 16, 2016 / Updated: March 19, 2018
Vulnerability identifier: #VU319
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: QEMU
Affected software:
QEMU
QEMU
Detailed vulnerability description
The vulnerability allows an adjacent user to obtain potentially sensitive information on the host system.
The vulnerability exists in QEMU. An adjacent attacker can obtain information on the host system by causing an information leak in the transmit queue processing.
Systems wtih VMWARE VMXNET3 NIC device support are affected.
Successful exploitation of this vulnerability may result in disclosure of system information.
The vulnerability exists in QEMU. An adjacent attacker can obtain information on the host system by causing an information leak in the transmit queue processing.
Systems wtih VMWARE VMXNET3 NIC device support are affected.
Successful exploitation of this vulnerability may result in disclosure of system information.
Remediation
Patch for this vulnerability is available at:
https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html