Unrated severity · NVD Advisory · Published Aug 26, 2015 · Updated May 6, 2026
CVE-2015-4037
Description
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program.
Affected products
osv-coords, 18 versions:
- pkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweed (no CPE), range: < 4.7.0_12-1.3
- pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 (no CPE), range: < 2.0.2-48.4.1
- pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012 (no CPE), range: < 2.0.2-48.4.1
- pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (no CPE), range: < 2.0.2-48.4.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3 (no CPE), range: < 4.2.5_14-18.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4 (no CPE), range: < 4.4.3_02-26.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 (no CPE), range: < 4.4.3_02-22.12.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS (no CPE), range: < 4.1.6_08-20.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3 (no CPE), range: < 4.2.5_14-18.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA (no CPE), range: < 4.2.5_14-18.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 (no CPE), range: < 4.4.3_02-26.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012 (no CPE), range: < 4.4.3_02-22.12.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3 (no CPE), range: < 4.2.5_14-18.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 (no CPE), range: < 4.4.3_02-26.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 (no CPE), range: < 4.4.3_02-22.12.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP3 (no CPE), range: < 4.2.5_14-18.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 (no CPE), range: < 4.4.3_02-26.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 (no CPE), range: < 4.4.3_02-22.12.1
Patches
No patches discovered yet.
References
- lists.fedoraproject.org/pipermail/package-announce/2015-June/160058.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-June/160414.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-06/msg00027.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-09/msg00015.html (nvd)
- lists.opensuse.org/opensuse-updates/2015-11/msg00063.html (nvd)
- www.debian.org/security/2015/dsa-3284 (nvd)
- www.debian.org/security/2015/dsa-3285 (nvd)
- www.openwall.com/lists/oss-security/2015/05/13/7 (nvd)
- www.openwall.com/lists/oss-security/2015/05/16/5 (nvd)
- www.openwall.com/lists/oss-security/2015/05/23/4 (nvd)
- www.securityfocus.com/bid/74809 (nvd)
- www.securitytracker.com/id/1032547 (nvd)
- www.ubuntu.com/usn/USN-2630-1 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)