Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is vulnerable to an information leakage issue. It could occur while processing transmit(tx) queue, when it reaches the end of packet. A privileged user inside guest could use this leak host memory bytes to a guest. Upstream patch: --------------- -> git.qemu.org/?p=qemu.git;a=commit;h=fdda170e50b8af062cf5741e12c4fb5e57a2eacf Reference: ---------- -> http://www.openwall.com/lists/oss-security/2016/08/18/5
Acknowledgments: Name: Li Qiang (Qihoo 360 Inc.)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1366370]
CVE assignment: http://seclists.org/oss-sec/2016/q3/311
The bug does not affect neither RHEL nor OpenStack.
The source code file for this BZ is not got compiled for all RHEL repository, so we won't suffer this vulnerability potentially.