Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2015-8818

Published: 29/12/2016 Updated: 12/02/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Qemu

Vulnerability Summary

The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qemu qemu

Vendor Advisories

Red Hat: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 70 (Kilo) for RHEL 7Red Hat Product Security has rated this update as having a security im ...
Red Hat: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 60 (Juno) for RHEL 7Red Hat Product Security has rated this update as having a security im ...
Red Hat: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 80 (Liberty)Red Hat Product Security has rated this update as having a security impact of Moderate A Commo ...
Red Hat: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 50 (Icehouse) for RHEL 7Red Hat Product Security has rated this update as having a securit ...
Red Hat: Moderate: qemu-kvm-rhev security, bug fix, and enhancement update
Synopsis Moderate: qemu-kvm-rhev security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for qemu-kvm-rhev is now available for Red Hat OpenStack Platform 90 (Mitaka)Red Hat Product Security has rated this update as having a security impact of Moderate A Common ...
Red Hat: CVE-2015-8818
An out-of-bounds flaw was found in the QEMU emulator built using 'address_space_translate' to map an address to a MemoryRegionSection The flaw could occur while doing pci_dma_read/write calls, resulting in an out-of-bounds read-write access error A privileged user inside a guest could use this flaw to crash the guest instance (denial of service) ...

References

NVD-CWE-noinfohttps://bugzilla.redhat.com/show_bug.cgi?id=1300771http://www.openwall.com/lists/oss-security/2016/03/01/10http://www.openwall.com/lists/oss-security/2016/03/01/1http://rhn.redhat.com/errata/RHSA-2016-2706.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2705.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2704.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2671.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2670.htmlhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=b242e0e0e2969c044a318e56f7988bbd84de1f63https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2016:2704https://access.redhat.com/security/cve/cve-2015-8818
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook