Your submission was sent successfully! Close

CVE-2015-4037

Published: 23 May 2015

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

Priority

Low

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (2.0.0+dfsg-2ubuntu1.13)
upstream Needed

utopic
Released (2.1+dfsg-4ubuntu6.7)
vivid
Released (1:2.2+dfsg-5expubuntu9.2)
Patches:
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=8b8f1c7e9ddb2e88a144638f6527bf70e32343e3
qemu-kvm
Launchpad, Ubuntu, Debian
precise
Released (1.0+noroms-0ubuntu14.23)
trusty Does not exist

upstream Needed

utopic Does not exist

vivid Does not exist