CVE-2017-15038

Several security issues were fixed in QEMU ...

USN-3575-1 introduced a regression in QEMU ...

Debian Bug report logs - #877890 qemu: CVE-2017-15038: 9p: virtfs: information disclosure when reading extended attributes Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 6 Oct 2017 18:36:02 UTC ...

Debian Bug report logs - #886532 Coming updates for meltdown/spectre Package: qemu; Maintainer for qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Source for qemu is src:qemu (PTS, buildd, popcon) Reported by: Nigel Kukard <nkukard@lbsdnet> Date: Sun, 7 Jan 2018 12:15:02 UTC Severity: grave Fo ...

Several vulnerabilities were discovered in qemu, a fast processor emulator CVE-2017-15038 Tuomas Tynkkynen discovered an information leak in 9pfs CVE-2017-15119 Eric Blake discovered that the NBD server insufficiently restricts large option requests, resulting in denial of service CVE-2017-15124 Daniel Berrange discovered that t ...

Race condition in the v9fs_xattrwalk function in hw/9pfs/9pc in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes ...