Quick Emulator(Qemu) built with the VMWARE VMXNET3 NIC device support is vulnerable to a use-after-free issue. It could occur while writing to the device once it's disabled. A privileged user inside guest could use this issue to crash the Qemu process instance resulting in DoS. Upstream patch -------------- -> http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2016/08/18/3
Acknowledgments: Name: Li Qiang (Qihoo 360 Inc.)
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1368982]