A use-after-free memory error in Vmxnet3 device emulator in QEMU - #VU321
Published: August 16, 2016 / Updated: March 19, 2018
Vulnerability identifier: #VU321
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-416
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: QEMU
Affected software:
QEMU
QEMU
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause denial of service conditions on the host system.
The vulnerability exists due to a use-after-free memory error in Vmxnet3 device emulator. An adjacent user can cause denial of service conditions on the host system.
Systems with VMWARE VMXNET3 NIC device support are affected when the device is disabled.
Successful exploitation of this vulnerability may result in denial of service via network.
The vulnerability exists due to a use-after-free memory error in Vmxnet3 device emulator. An adjacent user can cause denial of service conditions on the host system.
Systems with VMWARE VMXNET3 NIC device support are affected when the device is disabled.
Successful exploitation of this vulnerability may result in denial of service via network.
Remediation
Patch for this vulnerability is available at:
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html