CVE-2015-4037
Advisory lineage Upstream: 0 Downstream: 12
Modified
Published: 26 Aug 2015, 19:00
Last modified: 06 Aug 2024, 06:04
Vulnerability Summary
Overall Risk (default): minimal, 8/100
CVSS Score: 1.9 LOW, v2.0 (nvd)
EPSS Score: 0.1% LOW
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
- 26 Aug 2015, 19:00 • Published • Vulnerability first disclosed
- 06 Aug 2024, 06:04 • Last Modified • Vulnerability information updated
Description
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
CVSS Metrics
- v2.0 • LOW • Score: 1.9 • AV:L/AC:M/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 0.10% • Percentile: 27%
Techniques & Countermeasures
- CWE-17 • DEPRECATED: Code
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Affected Systems
- qemu • qemu • ≤ 2.3.0
References (14)
- http://www.ubuntu.com/usn/USN-2630-1
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html
- http://www.openwall.com/lists/oss-security/2015/05/23/4
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html
- http://www.openwall.com/lists/oss-security/2015/05/16/5
- http://www.debian.org/security/2015/dsa-3284
- http://www.securitytracker.com/id/1032547
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00063.html
- http://www.securityfocus.com/bid/74809
- https://bugzilla.redhat.com/show_bug.cgi?id=1222892
- http://www.openwall.com/lists/oss-security/2015/05/13/7
- http://www.debian.org/security/2015/dsa-3285