Back to bug 1366369
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Prasad Pandit | 2016-08-11 19:16:34 UTC | Blocks | 1346338 | |
| Prasad Pandit | 2016-08-11 19:16:49 UTC | Depends On | 1366370 | |
| Salvatore Bonaccorso | 2016-08-12 17:43:47 UTC | CC | carnil | |
| Adam Mariš | 2016-08-19 07:19:20 UTC | CC | amaris | |
| Summary | Qemu: net: vmxnet: Information leakage in vmxnet3_complete_packet | CVE-2016-6836 Qemu: net: vmxnet: Information leakage in vmxnet3_complete_packet | ||
| Alias | CVE-2016-6836 | |||
| Prasad Pandit | 2016-08-22 10:56:59 UTC | Whiteboard | impact=low,public=20160811,reported=20160614,source=researcher,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,cvss3=2.4/CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=notaffected,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,fedora-all/xen=notaffected,fedora-all/qemu=affected | impact=low,public=20160811,reported=20160614,source=researcher,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,cvss3=2.4/CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=notaffected,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,fedora-all/xen=notaffected,fedora-all/qemu=affected |
| Garth Mollett | 2016-08-26 06:31:57 UTC | Blocks | 1370384 | |
| Cole Robinson | 2016-10-15 22:35:05 UTC | CC | crobinso | |
| Adam Mariš | 2016-11-08 15:54:46 UTC | CC | amaris | |
| Prasad Pandit | 2016-11-24 07:50:59 UTC | Doc Text | Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is vulnerable to an information leakage issue. It could occur while processing transmit(tx) queue, when it reaches the end of packet. A privileged user inside guest could use this leak host memory bytes to a guest. | |
| Whiteboard | impact=low,public=20160811,reported=20160614,source=researcher,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,cvss3=2.4/CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=notaffected,rhel-7/qemu-kvm=wontfix,rhel-7/qemu-kvm-rhev=wontfix,fedora-all/xen=notaffected,fedora-all/qemu=affected | impact=low,public=20160811,reported=20160614,source=researcher,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,cvss3=2.4/CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=notaffected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,fedora-all/xen=notaffected,fedora-all/qemu=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected | ||
| Prasad Pandit | 2016-11-24 07:51:57 UTC | Depends On | 1398132 | |
| Prasad Pandit | 2016-11-24 07:52:09 UTC | Depends On | 1398133 | |
| Prasad Pandit | 2016-11-24 07:52:23 UTC | Depends On | 1398134 | |
| Prasad Pandit | 2016-11-24 07:52:35 UTC | Depends On | 1398135 | |
| Prasad Pandit | 2016-11-24 07:52:48 UTC | Depends On | 1398136 | |
| Prasad Pandit | 2016-11-24 07:53:06 UTC | Depends On | 1398137 | |
| Prasad Pandit | 2016-11-24 07:53:27 UTC | Depends On | 1398138 | |
| Prasad Pandit | 2016-11-24 07:53:45 UTC | Depends On | 1398139 | |
| Prasad Pandit | 2016-11-24 07:54:05 UTC | Depends On | 1398140 | |
| Prasad Pandit | 2016-11-24 07:54:23 UTC | Depends On | 1398141 | |
| Eric Christensen | 2016-11-28 15:05:35 UTC | Doc Text | Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is vulnerable to an information leakage issue. It could occur while processing transmit(tx) queue, when it reaches the end of packet. A privileged user inside guest could use this leak host memory bytes to a guest. | Quick Emulator (QEMU) built with the VMWARE VMXNET3 NIC device support is vulnerable to an information leakage issue. The vulnerability could occur while processing the transmit(tx) queue when it reaches the end of a packet. A privileged user inside guest could use this vulnerability to leak host memory bytes to a guest. |
| Amnon Ilan | 2016-12-21 10:41:27 UTC | CC | prasad | |
| Flags | needinfo?(prasad) | |||
| Prasad Pandit | 2016-12-21 13:01:18 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Flags | needinfo?(prasad) | |||
| Last Closed | 2016-12-21 08:01:18 UTC | |||
| Paolo Bonzini | 2016-12-21 13:49:08 UTC | Status | CLOSED | ASSIGNED |
| Resolution | WONTFIX | --- | ||
| Keywords | Reopened | |||
| Wei | 2016-12-21 14:12:58 UTC | CC | wexu | |
| PnT Account Manager | 2018-07-18 14:58:59 UTC | CC | rbalakri | |
| PnT Account Manager | 2019-06-11 08:09:11 UTC | CC | wexu | |
| Product Security DevOps Team | 2019-09-29 13:54:22 UTC | Whiteboard | impact=low,public=20160811,reported=20160614,source=researcher,cvss2=2.3/AV:A/AC:M/Au:S/C:N/I:N/A:P,cvss3=2.4/CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,rhel-5/kvm=notaffected,rhel-5/xen=notaffected,rhel-6/qemu-kvm=notaffected,rhel-7/qemu-kvm=affected,rhel-7/qemu-kvm-rhev=affected,fedora-all/xen=notaffected,fedora-all/qemu=affected,openstack-5/qemu-kvm-rhev=affected,openstack-6/qemu-kvm-rhev=affected,openstack-7/qemu-kvm-rhev=affected,openstack-8/qemu-kvm-rhev=affected,openstack-9/qemu-kvm-rhev=affected | |
| PnT Account Manager | 2019-09-30 21:42:03 UTC | CC | rkrcmar | |
| Red Hat Bugzilla | 2022-02-12 05:41:23 UTC | CC | areis | |
| Red Hat Bugzilla | 2022-06-30 22:53:09 UTC | CC | drjones | |
| Red Hat Bugzilla | 2023-07-07 08:32:52 UTC | Assignee | security-response-team | nobody |
Back to bug 1366369