
List:       oss-security
Subject:    [oss-security] Re: CVE request  Qemu: 9pfs: information leakage via xattribute
From:       <cve-assign () mitre ! org>
Date:       2016-10-30 19:41:46
Message-ID: 6aa34810a3694877b8edb2afbfb85e00 () imshyb02 ! MITRE ! ORG


> Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9
> File System(9pfs) support, is vulnerable to an information leakage issue. It
> could occur by accessing xattribute value before it's written to.
> 
> A privileged user inside guest could use this flaw to leak host memory bytes.
> 
> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
> http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d

>> if the guest
>> reads this memory before writing to it, this will leak host heap memory
>> to the guest.

Use CVE-2016-9103.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
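
The read-before-write leak described in the quoted report, as an added example that is not part of the original message and is not QEMU code: a constructed model in which a recycled heap chunk is handed out as an xattr value buffer, with and without zeroing on allocation. All names (`chunk_alloc`, `xattr_create_then_read`) and the secret string are hypothetical.

```c
/* Constructed model of the flaw class; not QEMU source. */
#include <stdio.h>
#include <string.h>

#define CHUNK 32

/* One recycled "heap chunk": a deterministic stand-in for the host heap. */
static unsigned char heap_chunk[CHUNK];

/* Hypothetical allocator: returns the same chunk; scrubs only if asked. */
static unsigned char *chunk_alloc(size_t len, int zero)
{
    if (len > CHUNK)
        return NULL;
    if (zero)
        memset(heap_chunk, 0, len);
    return heap_chunk;
}

/* Earlier host-side use leaves data behind; a free() would not clear it. */
static void host_uses_then_frees(void)
{
    static const char secret[] = "host-secret-0123456789";   /* constructed */
    unsigned char *p = chunk_alloc(sizeof(secret), 0);
    memcpy(p, secret, sizeof(secret));
}

/* Guest creates an xattr of size len, then reads it before any write.
 * Returns how many stale (non-zero) bytes the read hands to the guest. */
static size_t xattr_create_then_read(size_t len, int zero, unsigned char *out)
{
    size_t leaked = 0;
    host_uses_then_frees();
    unsigned char *value = chunk_alloc(len, zero);
    if (value == NULL)
        return 0;
    memcpy(out, value, len);            /* the read-before-write */
    for (size_t i = 0; i < len; i++)
        leaked += (out[i] != 0);
    return leaked;
}

int main(void)
{
    unsigned char out[CHUNK];
    printf("unzeroed: %zu stale bytes\n", xattr_create_then_read(16, 0, out));
    printf("zeroed:   %zu stale bytes\n", xattr_create_then_read(16, 1, out));
    return 0;
}
```

Zeroing at allocation is one mitigation for this pattern; tracking how many bytes have actually been written and refusing reads beyond that is another.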