CVE-2016-9103

MEDIUM

QEMU - Info Disclosure

Title source: llm

Description

The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.

References (7)

Scores

CVSS v3 6.0
EPSS 0.0012
EPSS Percentile 30.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Classification

CWE
CWE-200
Status published

Affected Products (3)

qemu/qemu < 2.7.1
debian/debian_linux
n/a/n/a

Timeline

Published Dec 09, 2016
Tracked Since Feb 18, 2026