Bug 1366369 (CVE-2016-6836) - CVE-2016-6836 Qemu: net: vmxnet: Information leakage in vmxnet3_complete_packet
Keywords:
Status: ASSIGNED
Alias: CVE-2016-6836
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1366370 1398132 1398133 1398134 1398135 1398136 1398137 1398138 1398139 1398140 1398141
Blocks: 1346338 1370384
Reported: 2016-08-11 19:15 UTC by Prasad Pandit
Modified: 2023-07-07 08:32 UTC

Fixed In Version:
Doc Text:
Quick Emulator (QEMU) built with the VMWARE VMXNET3 NIC device support is vulnerable to an information leakage issue. The vulnerability could occur while processing the transmit (tx) queue when it reaches the end of a packet. A privileged user inside the guest could use this vulnerability to leak host memory bytes to a guest.
Clone Of:
Environment:
Last Closed: 2016-12-21 13:01:18 UTC
Embargoed:


Description Prasad Pandit 2016-08-11 19:15:54 UTC
Quick Emulator (QEMU) built with the VMWARE VMXNET3 NIC device support
is vulnerable to an information leakage issue. It could occur while
processing the transmit (tx) queue, when it reaches the end of a packet.

A privileged user inside the guest could use this to leak host memory bytes
to a guest.

Upstream patch:
---------------
  -> git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf

Reference:
----------
  -> http://www.openwall.com/lists/oss-security/2016/08/18/5

Comment 1 Prasad Pandit 2016-08-11 19:16:18 UTC
Acknowledgments:

Name: Li Qiang (Qihoo 360 Inc.)

Comment 2 Prasad Pandit 2016-08-11 19:17:07 UTC
Created qemu tracking bugs for this issue:

Affects: fedora-all [bug 1366370]

Comment 3 Adam Mariš 2016-08-19 07:19:20 UTC
CVE assignment:

http://seclists.org/oss-sec/2016/q3/311

Comment 8 Paolo Bonzini 2016-12-15 17:06:10 UTC
The bug does not affect either RHEL or OpenStack.

Comment 11 Wei 2016-12-21 14:12:58 UTC
The source code file for this BZ does not get compiled for all RHEL repositories, so we potentially won't suffer from this vulnerability.

