CVE-2017-15038medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
References
http://www.openwall.com/lists/oss-security/2017/10/06/1
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html
Details
Source: MITRE
Published: 2017-10-10
Updated: 2018-09-07
Type: CWE-362
Risk Information
CVSS v2
Base Score: 1.9
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 3.4
Severity: LOW
CVSS v3
Base Score: 5.6
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Impact Score: 4
Exploitability Score: 1.1
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 2.9.1 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 136276 | EulerOS Virtualization for ARM 64 3.0.2.0 : qemu-kvm (EulerOS-SA-2020-1573) | Nessus | Huawei Local Security Checks | critical |
| 117351 | Debian DLA-1497-1 : qemu security update (Spectre) | Nessus | Debian Local Security Checks | critical |
| 110208 | Debian DSA-4213-1 : qemu - security update (Spectre) | Nessus | Debian Local Security Checks | critical |
| 107145 | Ubuntu 14.04 LTS / 16.04 LTS : qemu regression (USN-3575-2) | Nessus | Ubuntu Local Security Checks | critical |
| 106927 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : qemu vulnerabilities (USN-3575-1) | Nessus | Ubuntu Local Security Checks | critical |
| 105928 | Fedora 27 : 2:qemu (2017-8db9c497f9) | Nessus | Fedora Local Security Checks | high |
| 104780 | SUSE SLES11 Security Update : kvm (SUSE-SU-2017:3084-1) | Nessus | SuSE Local Security Checks | critical |
| 104495 | SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2969-1) | Nessus | SuSE Local Security Checks | critical |
| 104494 | SUSE SLES11 Security Update : kvm (SUSE-SU-2017:2963-1) | Nessus | SuSE Local Security Checks | critical |
| 104471 | SUSE SLES12 Security Update : qemu (SUSE-SU-2017:2946-1) | Nessus | SuSE Local Security Checks | critical |
| 104446 | Fedora 26 : 2:qemu (2017-9149114fba) | Nessus | Fedora Local Security Checks | high |
| 104429 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2936-1) | Nessus | SuSE Local Security Checks | high |
| 104424 | openSUSE Security Update : qemu (openSUSE-2017-1249) | Nessus | SuSE Local Security Checks | high |
| 104423 | openSUSE Security Update : qemu (openSUSE-2017-1248) | Nessus | SuSE Local Security Checks | high |
| 104376 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2017:2924-1) | Nessus | SuSE Local Security Checks | high |
| 103714 | Debian DLA-1129-1 : qemu security update | Nessus | Debian Local Security Checks | high |
| 103713 | Debian DLA-1128-1 : qemu-kvm security update | Nessus | Debian Local Security Checks | high |