CVE-2017-15038
Description
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
Risk Information
Base Score
5.6
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.053
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2017-10664,CVE-2017-15038,CVE-2017-7539,CVE-2017-8309 are affected in QEMU 2.9.1 | Windows |
| Machine emulator and virtualizer (USN-3575-1) qemu_2.10+dfsg-0ubuntu3.5_i386.deb | Linux |
| Machine emulator and virtualizer (USN-3575-1) qemu_2.10+dfsg-0ubuntu3.5_amd64.deb | Linux |
| Machine emulator and virtualizer (USN-3575-1) qemu-system_2.10+dfsg-0ubuntu3.5_i386.deb | Linux |
| Machine emulator and virtualizer (USN-3575-1) qemu-system_2.10+dfsg-0ubuntu3.5_amd64.deb | Linux |
| qemu security update(DSA-4213-1) qemu_2.8+dfsg-6+deb9u4_i386.deb | Linux |
| qemu security update(DSA-4213-1) qemu_2.8+dfsg-6+deb9u4_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234