[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-15038":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":60,"related":61,"reserved_at":9,"published_at":69,"modified_at":70,"state":71,"summary":72,"references_raw":81,"kevs":110,"epss":111,"epss_history":114,"metrics":384,"affected":395},"CVE-2017-15038","Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-362","Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.","weakness","Draft","Class","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-26","Leveraging Race Conditions",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[],[],[],[32,34,36,38,40,42,44,46,48,50,52,54,56,58],{"_key":33},"SUSE-SU-2017:2936-1",{"_key":35},"SUSE-SU-2017:2946-1",{"_key":37},"OPENSUSE-SU-2024:11287-1",{"_key":39},"SUSE-SU-2017:2924-1",{"_key":41},"SUSE-SU-2017:2963-1",{"_key":43},"SUSE-SU-2017:2969-1",{"_key":45},"SUSE-SU-2017:3084-1",{"_key":47},"UBUNTU-CVE-2017-15038",{"_key":49},"USN-3575-1",{"_key":51},"DLA-1128-1",{"_key":53},"DLA-1129-1",{"_key":55},"DLA-1497-1",{"_key":57},"DSA-4213-1",{"_key":59},"DEBIAN-CVE-2017-15038",[],[62,63,64,65,66,67,68],{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},"2017-10-09T14:00:00.000Z","2024-08-05T19:42:22.384Z","Modified",{"cisa_kev":73,"cisa_ransomware":73,"cisa_vendor":9,"epss_severity":74,"epss_score":75,"severity":76,"severity_score":77,"severity_version":78,"severity_source":79,"severity_vector":80,"severity_status":71},false,"low",0.00028,"medium",5.6,"v3.0","nvd","CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",[82,89,95,101,106],{"url":83,"sources":84,"tags":86},"https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html",[85,79],"cve.org",[87,88],"Mailing List","X Refsource MLIST",{"url":90,"sources":91,"tags":92},"https://www.debian.org/security/2018/dsa-4213",[85,79],[93,94],"Vendor Advisory","X Refsource DEBIAN",{"url":96,"sources":97,"tags":98},"https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html",[85,79],[87,88,99,100],"Patch","Third Party Advisory",{"url":102,"sources":103,"tags":104},"https://usn.ubuntu.com/3575-1/",[85,79],[93,105],"X Refsource UBUNTU",{"url":107,"sources":108,"tags":109},"http://www.openwall.com/lists/oss-security/2017/10/06/1",[85,79],[87,88,99,100],[],{"date":112,"score":75,"percentile":113},"2026-06-04",0.08557,[115,119,122,125,128,131,134,137,140,143,146,149,152,155,158,161,164,167,170,173,176,179,182,185,188,191,194,197,200,203,206,209,212,215,218,221,224,227,230,233,236,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,314,317,320,323,326,329,332,334,337,340,343,346,349,351,354,357,360,363,366,369,372,375,378,381],{"date":116,"score":117,"percentile":118},"2025-11-04",0.00053,0.16467,{"date":120,"score":117,"percentile":121},"2025-11-05",0.16496,{"date":123,"score":117,"percentile":124},"2025-11-06",0.16585,{"date":126,"score":117,"percentile":127},"2025-11-07",0.16601,{"date":129,"score":117,"percentile":130},"2025-11-08",0.16608,{"date":132,"score":117,"percentile":133},"2025-11-09",0.16577,{"date":135,"score":117,"percentile":136},"2025-11-10",0.16537,{"date":138,"score":117,"percentile":139},"2025-11-11",0.16559,{"date":141,"score":117,"percentile":142},"2025-11-12",0.16595,{"date":144,"score":117,"percentile":145},"2025-11-13",0.16625,{"date":147,"score":117,"percentile":148},"2025-11-14",0.16635,{"date":150,"score":117,"percentile":151},"2025-11-15",0.16603,{"date":153,"score":117,"percentile":154},"2025-11-16",0.16568,{"date":156,"score":117,"percentile":157},"2025-11-17",0.16526,{"date":159,"score":117,"percentile":160},"2025-11-18",0.11955,{"date":162,"score":117,"percentile":163},"2025-11-19",0.11972,{"date":165,"score":117,"percentile":166},"2025-11-20",0.11989,{"date":168,"score":117,"percentile":169},"2025-11-21",0.16547,{"date":171,"score":117,"percentile":172},"2025-11-22",0.16556,{"date":174,"score":117,"percentile":175},"2025-11-23",0.16528,{"date":177,"score":117,"percentile":178},"2025-11-24",0.16493,{"date":180,"score":117,"percentile":181},"2025-11-25",0.16482,{"date":183,"score":117,"percentile":184},"2025-11-26",0.16468,{"date":186,"score":117,"percentile":187},"2025-11-27",0.16477,{"date":189,"score":117,"percentile":190},"2025-11-28",0.16464,{"date":192,"score":117,"percentile":193},"2025-11-29",0.16451,{"date":195,"score":117,"percentile":196},"2025-11-30",0.16452,{"date":198,"score":117,"percentile":199},"2025-12-01",0.1649,{"date":201,"score":117,"percentile":202},"2025-12-02",0.16503,{"date":204,"score":117,"percentile":205},"2025-12-03",0.16518,{"date":207,"score":117,"percentile":208},"2025-12-04",0.16483,{"date":210,"score":117,"percentile":211},"2025-12-05",0.1654,{"date":213,"score":117,"percentile":214},"2025-12-06",0.1655,{"date":216,"score":117,"percentile":217},"2025-12-07",0.16535,{"date":219,"score":117,"percentile":220},"2025-12-08",0.16545,{"date":222,"score":117,"percentile":223},"2025-12-09",0.16605,{"date":225,"score":117,"percentile":226},"2025-12-10",0.16657,{"date":228,"score":117,"percentile":229},"2025-12-11",0.16704,{"date":231,"score":117,"percentile":232},"2025-12-12",0.1675,{"date":234,"score":117,"percentile":235},"2025-12-13",0.16746,{"date":237,"score":117,"percentile":238},"2025-12-14",0.16703,{"date":240,"score":117,"percentile":241},"2025-12-15",0.1667,{"date":243,"score":117,"percentile":244},"2025-12-16",0.167,{"date":246,"score":117,"percentile":247},"2025-12-17",0.1679,{"date":249,"score":117,"percentile":250},"2025-12-18",0.16845,{"date":252,"score":117,"percentile":253},"2025-12-19",0.16894,{"date":255,"score":117,"percentile":256},"2025-12-20",0.16873,{"date":258,"score":117,"percentile":259},"2025-12-21",0.16824,{"date":261,"score":117,"percentile":262},"2025-12-22",0.16762,{"date":264,"score":117,"percentile":265},"2025-12-23",0.16763,{"date":267,"score":117,"percentile":268},"2025-12-24",0.16782,{"date":270,"score":117,"percentile":271},"2025-12-25",0.16852,{"date":273,"score":117,"percentile":274},"2025-12-26",0.16842,{"date":276,"score":117,"percentile":277},"2025-12-27",0.16848,{"date":279,"score":117,"percentile":280},"2025-12-28",0.16807,{"date":282,"score":117,"percentile":283},"2025-12-29",0.16774,{"date":285,"score":117,"percentile":286},"2025-12-30",0.16786,{"date":288,"score":117,"percentile":289},"2025-12-31",0.16859,{"date":291,"score":117,"percentile":292},"2026-01-01",0.16965,{"date":294,"score":117,"percentile":295},"2026-01-02",0.16955,{"date":297,"score":117,"percentile":298},"2026-01-03",0.16937,{"date":300,"score":117,"percentile":301},"2026-01-04",0.16843,{"date":303,"score":117,"percentile":304},"2026-01-05",0.16801,{"date":306,"score":117,"percentile":307},"2026-01-06",0.16814,{"date":309,"score":117,"percentile":310},"2026-01-07",0.16851,{"date":312,"score":117,"percentile":313},"2026-01-08",0.16909,{"date":315,"score":117,"percentile":316},"2026-01-09",0.16917,{"date":318,"score":117,"percentile":319},"2026-01-10",0.16934,{"date":321,"score":117,"percentile":322},"2026-01-11",0.16896,{"date":324,"score":117,"percentile":325},"2026-01-12",0.16856,{"date":327,"score":117,"percentile":328},"2026-01-13",0.16838,{"date":330,"score":117,"percentile":331},"2026-01-14",0.16897,{"date":333,"score":117,"percentile":331},"2026-01-15",{"date":335,"score":117,"percentile":336},"2026-01-16",0.16941,{"date":338,"score":117,"percentile":339},"2026-01-17",0.16948,{"date":341,"score":117,"percentile":342},"2026-01-18",0.16887,{"date":344,"score":117,"percentile":345},"2026-01-19",0.16839,{"date":347,"score":117,"percentile":348},"2026-01-20",0.1681,{"date":350,"score":117,"percentile":247},"2026-01-21",{"date":352,"score":117,"percentile":353},"2026-01-22",0.16725,{"date":355,"score":117,"percentile":356},"2026-01-23",0.16802,{"date":358,"score":117,"percentile":359},"2026-01-24",0.1683,{"date":361,"score":117,"percentile":362},"2026-01-25",0.16761,{"date":364,"score":117,"percentile":365},"2026-01-26",0.16659,{"date":367,"score":117,"percentile":368},"2026-01-27",0.1665,{"date":370,"score":117,"percentile":371},"2026-01-28",0.1666,{"date":373,"score":117,"percentile":374},"2026-01-29",0.16637,{"date":376,"score":117,"percentile":377},"2026-01-30",0.16648,{"date":379,"score":117,"percentile":380},"2026-01-31",0.16665,{"date":382,"score":117,"percentile":383},"2026-02-01",0.16694,[385],{"source":79,"cvss_v2_0":386,"cvss_v3_0":391,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":387,"baseSeverity":9,"vectorString":388,"impactScore":389,"exploitabilityScore":390},1.9,"AV:L/AC:M/Au:N/C:P/I:N/A:N",2.9,3.4,{"baseScore":77,"baseSeverity":392,"vectorString":80,"impactScore":393,"exploitabilityScore":394},"MEDIUM",6.7,2.8,[396],{"ecosystem":9,"name":397,"vendor":397,"product":397,"cpe_part":398,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":399},"qemu","a",[400],{"version":401,"is_range":402,"range_type":403,"version_start":9,"version_start_type":9,"version_end":404,"version_end_type":405,"fixed_in":9},"lte2.9.1",true,"cpe","2.9.1","including"]