Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.
CVSS Information
N/A
Vulnerability Type
对未经初始化资源的使用
Vulnerability Title
QEMU 信息泄露漏洞
Vulnerability Description
QEMU(Quick Emulator)是法国法布里斯-贝拉(Fabrice Bellard)个人开发者的一套模拟处理器软件。该软件具有速度快、跨平台等特点。 QEMU 存在信息泄露漏洞。该漏洞源于vhost-user-gpu/virgl.c中的virgl_cmd_get_capset_info()函数存在未初始化存储器泄露,攻击者可利用该漏洞获取敏感信息。以下产品及版本受到影响:QEMU: 4.1.0, 4.1.1, 4.2.0, 4.2.1, 5.0.0, 5.0.1, 5.1.0, 5.2.0, 6
CVSS Information
N/A
Vulnerability Type
N/A