Published: 12/04/2016 Updated: 08/09/2020

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
qemu qemu 2.4.0

Several security issues were fixed in QEMU ...

Debian Bug report logs - #794611 qemu: CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Aug 2015 20:27:02 UTC Severity: important ...

Debian Bug report logs - #793811 qemu: CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 27 Jul 2015 18:12:02 UTC Severity: g ...

Debian Bug report logs - #795461 qemu: CVE-2015-3214: i8254: out-of-bounds memory access in pit_ioport_read function Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 14 Aug 2015 08:12:10 UTC Severi ...

Debian Bug report logs - #793388 qemu: CVE-2015-5158: scsi stack buffer overflow Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 23 Jul 2015 15:06:03 UTC Severity: important Tags: patch, security, ...

Debian Bug report logs - #794610 qemu: CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Aug 2015 20:24:02 UTC Severi ...

Debian Bug report logs - #795087 qemu: CVE-2015-5745: buffer overflow in virtio-serial Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 10 Aug 2015 13:24:06 UTC Severity: normal Tags: fixed-upstrea ...

Debian Bug report logs - #796465 qemu: CVE-2015-5225: ui: vnc: heap memory corruption in vnc_refresh_server_surface Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 21 Aug 2015 22:12:02 UTC Severit ...

A flaw has been discovered in the QEMU emulator built with SCSI-device emulation support The emulator is vulnerable to a stack buffer overflow issue, which can occur while parsing a SCSI command descriptor block with an invalid operation code A privileged(CAP_SYS_RAWIO) user inside a guest could use this flaw to crash the QEMU instance resulting ...

CWE-787 https://security.gentoo.org/glsa/201510-02 http://www.securityfocus.com/bid/76016 http://www.securitytracker.com/id/1033095 https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html https://nvd.nist.gov https://usn.ubuntu.com/2692-1/

Get Started

CVE-2015-5158

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect