CVE-2015-4037 — Insecure Temporary File in Qemu

CWE-17 CWE-377 — Insecure Temporary File CWE-835 — Infinite Loop11 documents7 sources

Severity

1.9LOWNVD

OSV7.5

EPSS

0.1%

top 73.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedAug 26

Latest updateMay 17

Description

The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.

CVSS vector

AV:L/AC:M/C:N/I:N/A:PExploitability: 3.4 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/qemu< qemu 1:2.3+dfsg-5 (bookworm)

▶Debianqemu/qemu< 1:2.3+dfsg-5+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.13

▶NVDqemu/qemu2.3.0

🔴Vulnerability Details

GHSA

GHSA-4xwp-3m3p-vvgr: The slirp_smb function in net/slirp↗2022-05-17

▶

OSV

CVE-2015-4037: The slirp_smb function in net/slirp↗2015-08-26

▶

OSV

qemu, qemu-kvm vulnerabilities↗2015-06-10

▶

📋Vendor Advisories

Red Hat

Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process↗2016-04-18

▶

Ubuntu

QEMU vulnerabilities↗2015-06-10

▶

Red Hat

qemu: insecure temporary file use in /net/slirp.c↗2015-05-13

▶

Debian

CVE-2015-4037: qemu - The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporar...↗2015

▶

💬Community

Bugzilla

CVE-2016-4037 Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process↗2016-04-08

▶

Bugzilla

qemu: insecure temporary file use in /net/slirp.c [fedora-all]↗2015-05-19

▶

Bugzilla

CVE-2015-4037 qemu: insecure temporary file use in /net/slirp.c↗2015-05-19

▶