Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 598772 (CVE-2016-9106) - <app-emulation/qemu-2.7.0-r6: 9pfs: memory leakage in v9fs_write
Summary: <app-emulation/qemu-2.7.0-r6: 9pfs: memory leakage in v9fs_write
Alias: CVE-2016-9106
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Depends on:
Blocks: CVE-2016-9102, CVE-2016-9103, CVE-2016-9104, CVE-2016-9105
  Show dependency tree
Reported: 2016-11-02 11:06 UTC by Agostino Sarubbo
Modified: 2016-11-17 07:01 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2016-11-02 11:06:04 UTC
From ${URL} :

Quick Emulator(Qemu) built with the VirtFS, host directory sharing via Plan 9 
File System(9pfs) support, is vulnerable to a memory leakage issue. It could 
occur when calling v9fs_write call.

A privileged user inside guest could use this flaw to leak the host memory 
bytes resulting in DoS for other services.

Upstream patches:


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Matthias Maier gentoo-dev 2016-11-12 17:33:10 UTC
Arches, please stabilize


Target keywords: "amd64 x86"

commit cad0a6324b5d4a5954893dfd29b5b97ee7a361d3
Author: Matthias Maier <>
Date:   Sat Nov 12 11:26:09 2016 -0600

    app-emulation/qemu: security fixes, bug #598772
        CVE-2016-9102, bug #598328
        CVE-2016-9103, bug #598328
        CVE-2016-9104, bug #598328
        CVE-2016-9105, bug #598328
        CVE-2016-9106, bug #598772
    Package-Manager: portage-2.3.0
Comment 2 Agostino Sarubbo gentoo-dev 2016-11-13 13:08:17 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-11-13 13:10:06 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 4 Matthias Maier gentoo-dev 2016-11-13 17:19:58 UTC
Commit e374c1ca4ae657866957ab34d42306ad61b29825
Author: Matthias Maier <>
Date:   Sun Nov 13 11:17:38 2016 -0600

    app-emulation/qemu: drop vulnerable 2.7.0-r5, bug #598772
    Package-Manager: portage-2.3.0
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2016-11-17 07:01:13 UTC
GLSA Vote: No