qemu, xen-tools -- QEMU leak of uninitialized heap memory in rtl8139 device model

2015-08-0300:00:00

vuxml.freebsd.org

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

71.0%

JSON

The Xen Project reports:

The QEMU model of the RTL8139 network card did not sufficiently
validate inputs in the C+ mode offload emulation. This results in
uninitialized memory from the QEMU process’s heap being leaked to
the domain as well as to the network.
A guest may be able to read sensitive host-level data relating to
itself which resides in the QEMU process.
Such information may include things such as information relating to
real devices backing emulated devices or passwords which the host
administrator does not intend to share with the guest admin.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchqemu<= 0.11.1_20UNKNOWN
FreeBSDanynoarchqemu-devel<= 0.11.1_20UNKNOWN
FreeBSDanynoarchqemu-sbruno< 2.4.50.g20150814UNKNOWN
FreeBSDanynoarchqemu-user-static< 2.4.50.g20150814UNKNOWN
FreeBSDanynoarchxen-tools< 4.5.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	qemu	<= 0.11.1_20	UNKNOWN
FreeBSD	any	noarch	qemu-devel	<= 0.11.1_20	UNKNOWN
FreeBSD	any	noarch	qemu-sbruno	< 2.4.50.g20150814	UNKNOWN
FreeBSD	any	noarch	qemu-user-static	< 2.4.50.g20150814	UNKNOWN
FreeBSD	any	noarch	xen-tools	< 4.5.1	UNKNOWN