CVE-2017-15038

{"id": "CVE-2017-15038", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.1}]}, "published": "2017-10-10T01:30:22.127", "references": [{"url": "http://www.openwall.com/lists/oss-security/2017/10/06/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", "source": "cve@mitre.org"}, {"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/3575-1/", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2018/dsa-4213", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2017/10/06/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3575-1/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2018/dsa-4213", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n v9fs_xattrwalk en hw/9pfs/9p.c en QEMU (tambi\u00e9n conocido como Quick Emulator) permite que los usuarios de sistemas operativos invitados locales obtengan informaci\u00f3n sensible de la memoria din\u00e1mica (heap) mediante vectores relacionados con la lectura de atributos extendidos."}], "lastModified": "2024-11-21T03:13:59.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B8E599C-1E63-4D90-9BE4-9ADA35192912", "versionEndIncluding": "2.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}