Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1366369 - (CVE-2016-6836) CVE-2016-6836 Qemu: net: vmxnet: Information leakage in vmxnet3_complete_packet
CVE-2016-6836 Qemu: net: vmxnet: Information leakage in vmxnet3_complete_packet
Status: ASSIGNED
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20160811,reported=2...
: Reopened, Security
Depends On: 1366370 1398132 1398133 1398134 1398135 1398136 1398137 1398138 1398139 1398140 1398141
Blocks: 1346338 1370384
  Show dependency treegraph
 
Reported: 2016-08-11 15:15 EDT by Prasad J Pandit
Modified: 2018-07-18 10:58 EDT (History)
26 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Quick Emulator (QEMU) built with the VMWARE VMXNET3 NIC device support is vulnerable to an information leakage issue. The vulnerability could occur while processing the transmit(tx) queue when it reaches the end of a packet. A privileged user inside guest could use this vulnerability to leak host memory bytes to a guest.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-12-21 08:01:18 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Prasad J Pandit 2016-08-11 15:15:54 EDT 
Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support
is vulnerable to an information leakage issue. It could occur while
processing transmit(tx) queue, when it reaches the end of packet.

A privileged user inside guest could use this leak host memory bytes
to a guest.

Upstream patch:
---------------
  -> git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2016/08/18/5
Comment 1 Prasad J Pandit 2016-08-11 15:16:18 EDT 
Acknowledgments:

Name: Li Qiang (Qihoo 360 Inc.)
Comment 2 Prasad J Pandit 2016-08-11 15:17:07 EDT 
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1366370]
Comment 3 Adam Mariš 2016-08-19 03:19:20 EDT 
CVE assignment:

http://seclists.org/oss-sec/2016/q3/311
Comment 8 Paolo Bonzini 2016-12-15 12:06:10 EST 
The bug does not affect neither RHEL nor OpenStack.
Comment 11 Wei 2016-12-21 09:12:58 EST 
The source code file for this BZ is not got compiled for all RHEL repository, so we won't suffer this vulnerability potentially.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.