Skip to main content

Improper Initialization

CVE-2016-6836

Severity Low
Score 2.1/10

Summary

The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host memory information by leveraging failure to initialize the txcq_descr object.

  • LOW
  • LOCAL
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-665 - Improper Initialization

The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References

Advisory Timeline

  • Published