Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2015-8701

Published: 29/12/2016 Updated: 10/11/2020
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Qemu

Vulnerability Summary

QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2015-8701: net: rocker: incorrect array bounds check
Debian Bug report logs - #809313 CVE-2015-8701: net: rocker: incorrect array bounds check Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Tue, 29 Dec 2015 09:21:06 UTC Severity: important Tags: patch, security ...
Debian CVElist Bug Report Logs: CVE-2015-8613: scsi: stack based buffer overflow in megasas_ctrl_get_info
Debian Bug report logs - #809232 CVE-2015-8613: scsi: stack based buffer overflow in megasas_ctrl_get_info Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Mon, 28 Dec 2015 15:12:01 UTC Severity: important Tags ...
Debian CVElist Bug Report Logs: CVE-2015-8567 CVE-2015-8568: qemu-system: net: vmxnet3: host memory leakage
Debian Bug report logs - #808145 CVE-2015-8567 CVE-2015-8568: qemu-system: net: vmxnet3: host memory leakage Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Wed, 16 Dec 2015 13:18:02 UTC Severity: important Ta ...
Red Hat: CVE-2015-8701
An off-by-one vulnerability was discovered in the QEMU emulator built with Rocker-switch emulation support The flaw occurred when processing transmit(tx) descriptors in the 'tx_consume' routine, if a descriptor had more than the allowed fragments (ROCKER_TX_FRAGS_MAX=16) ...

References

CWE-193https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1286971http://www.securityfocus.com/bid/79706http://www.openwall.com/lists/oss-security/2015/12/29/1http://www.openwall.com/lists/oss-security/2015/12/28/6https://security.gentoo.org/glsa/201602-01https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809313https://access.redhat.com/security/cve/cve-2015-8701
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook