Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an information disclosure issue. It could occur while accessing extended attributes of a file due to a race condition. A user inside guest could use this flaw to disclose uninitialised heap memory contents on the host. Upstream patch: --------------- -> https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html Reference: ---------- -> http://www.openwall.com/lists/oss-security/2017/10/06/1
Acknowledgments: Name: Tuomas Tynkkynen
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1499111]
qemu-2.9.1-2.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
qemu-2.10.1-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.