Published: 06/11/2015 Updated: 15/12/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu
debian debian linux 7.0
debian debian linux 8.0
debian debian linux 9.0
fedoraproject fedora 21
fedoraproject fedora 22
fedoraproject fedora 23
suse linux enterprise desktop 12
suse linux enterprise server 12
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
canonical ubuntu linux 15.04
arista eos -

Debian Bug report logs - #798101 qemu: CVE-2015-6815: net: e1000 infinite loop issue Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 5 Sep 2015 16:33:06 UTC Severity: important Tags: patch, secur ...

Several security issues were fixed in QEMU ...

Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware CVE-2015-5278 Qinghao Tang of QIHU 360 Inc discovered an infinite loop issue in the NE2000 NIC emulation A privileged guest user could use this flaw to mount a denial of service (QEMU process crash) CVE-2015-5279 Qinghao Tang of ...

Several vulnerabilities were discovered in qemu, a fast processor emulator CVE-2015-5278 Qinghao Tang of QIHU 360 Inc discovered an infinite loop issue in the NE2000 NIC emulation A privileged guest user could use this flaw to mount a denial of service (QEMU process crash) CVE-2015-5279 Qinghao Tang of QIHU 360 Inc discovered ...

CWE-369 http://www.debian.org/security/2015/dsa-3362 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html http://www.ubuntu.com/usn/USN-2745-1 http://www.debian.org/security/2015/dsa-3361 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.html http://www.securityfocus.com/bid/76691 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.html http://www.openwall.com/lists/oss-security/2015/09/10/2 http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html http://www.openwall.com/lists/oss-security/2015/09/10/1 https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html https://security.gentoo.org/glsa/201602-01 https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798101 https://usn.ubuntu.com/2745-1/https://nvd.nist.gov

CVE-2015-6855

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect