Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to memory leakage issue. It could occur while creating extended attribute via 'Txattrcreate' message. A privileged user inside guest could use this flaw to leak host memory, thus affecting other services on the host and/or potentially crash the Qemu process on the host. Upstream patches: ----------------- -> https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html Reference: ---------- -> http://wiki.qemu.org/Documentation/9psetup -> http://www.openwall.com/lists/oss-security/2016/10/27/15
Acknowledgments: Name: Li Qiang (360.cn Inc.)
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1389552]
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1389551]
CVE assignment: http://seclists.org/oss-sec/2016/q4/278
commit ff55e94d23ae94c8628b0115320157c763eb3e06 Author: Li Qiang <liqiang6-s> Date: Mon Oct 17 14:13:58 2016 +0200 9pfs: fix memory leak in v9fs_xattrcreate