Published: 29/12/2016 Updated: 12/02/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qemu qemu 2.0.0
qemu qemu 2.0.2
qemu qemu 2.1.3
qemu qemu 2.1.0
qemu qemu 1.6.0
qemu qemu 2.2.1
qemu qemu 2.3.1
qemu qemu 2.1.1
qemu qemu 1.7.1
qemu qemu 2.3.0
qemu qemu 1.6.2
qemu qemu 1.6.1
qemu qemu 2.2.0
qemu qemu 2.1.2

Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 70 (Kilo) for RHEL 7Red Hat Product Security has rated this update as having a security im ...

Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 60 (Juno) for RHEL 7Red Hat Product Security has rated this update as having a security im ...

Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 80 (Liberty)Red Hat Product Security has rated this update as having a security impact of Moderate A Commo ...

Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 50 (Icehouse) for RHEL 7Red Hat Product Security has rated this update as having a securit ...

Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 90 (Mitaka)Red Hat Product Security has rated this update as having a security impact of Moderate A Common ...

An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error A privileged user inside a guest could use this flaw to crash the guest instance (denial of service) ...

CWE-125 CWE-787 https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html https://bugzilla.redhat.com/show_bug.cgi?id=1300771 http://www.openwall.com/lists/oss-security/2016/03/01/10 http://www.openwall.com/lists/oss-security/2016/03/01/1 http://rhn.redhat.com/errata/RHSA-2016-2706.html http://rhn.redhat.com/errata/RHSA-2016-2705.html http://rhn.redhat.com/errata/RHSA-2016-2704.html http://rhn.redhat.com/errata/RHSA-2016-2671.html http://rhn.redhat.com/errata/RHSA-2016-2670.html http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459 http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2016:2704 https://access.redhat.com/security/cve/cve-2015-8817

CVE-2015-8817

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect