CVE-2017-15038 - OpenCVE

Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2017/10/06/1	Mailing List Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html	Mailing List Patch Third Party Advisory
https://usn.ubuntu.com/3575-1/
https://www.debian.org/security/2018/dsa-4213

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-09T14:00:00

Updated: 2018-09-07T09:57:01

Reserved: 2017-10-05T00:00:00

Link: CVE-2017-15038

JSON object: View

NVD Information

Status : Modified

Published: 2017-10-10T01:30:22.127

Modified: 2018-09-07T10:29:02.617

Link: CVE-2017-15038

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-04T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-07T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "DSA-4213", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4213"}, {"name": "[qemu-devel] 20171004 Re: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html"}, {"name": "USN-3575-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3575-1/"}, {"name": "[oss-security] 20171006 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/10/06/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15038", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"name": "DSA-4213", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4213"}, {"name": "[qemu-devel] 20171004 Re: [PATCH] 9pfs: use g_malloc0 to allocate space for xattr", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html"}, {"name": "USN-3575-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3575-1/"}, {"name": "[oss-security] 20171006 CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/10/06/1"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15038", "datePublished": "2017-10-09T14:00:00", "dateReserved": "2017-10-05T00:00:00", "dateUpdated": "2018-09-07T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B8E599C-1E63-4D90-9BE4-9ADA35192912", "versionEndIncluding": "2.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n v9fs_xattrwalk en hw/9pfs/9p.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite que los usuarios de sistemas operativos invitados locales obtengan informaci\u00f3n sensible de la memoria din\u00e1mica (heap) mediante vectores relacionados con la lectura de atributos extendidos."}], "id": "CVE-2017-15038", "lastModified": "2018-09-07T10:29:02.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-10T01:30:22.127", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/10/06/1"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3575-1/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4213"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}