CVE-2015-7512
Qemu: net: pcnet: buffer overflow in non-loopback mode
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
Desbordamiento de buffer en la función pcnet_receive en hw/net/pcnet.c en QEMU, cuando un NIC invitado tiene un MTU más grande, permite a atacantes provocar una denegación de servicio (caída de SO invitado) o ejecutar código arbitrario a través de un paquete grande.
A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Note that to exploit this flaw, the guest network interface must have a large MTU limit.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-09-29 CVE Reserved
- 2015-12-03 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2015/11/30/3 | Mailing List | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | Third Party Advisory | |
http://www.securityfocus.com/bid/78230 | Third Party Advisory | |
http://www.securitytracker.com/id/1034527 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2015-2694.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2015-2695.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2015-2696.html | 2023-02-13 | |
http://www.debian.org/security/2016/dsa-3469 | 2023-02-13 | |
http://www.debian.org/security/2016/dsa-3470 | 2023-02-13 | |
http://www.debian.org/security/2016/dsa-3471 | 2023-02-13 | |
https://security.gentoo.org/glsa/201602-01 | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2015-7512 | 2015-12-22 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1285061 | 2015-12-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 5.0 Search vendor "Redhat" for product "Openstack" and version "5.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Safe
|
Redhat Search vendor "Redhat" | Virtualization Search vendor "Redhat" for product "Virtualization" | 3.0 Search vendor "Redhat" for product "Virtualization" and version "3.0" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Safe
|
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | <= 2.4.1 Search vendor "Qemu" for product "Qemu" and version " <= 2.4.1" | - |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.5.0 Search vendor "Qemu" for product "Qemu" and version "2.5.0" | rc0 |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.5.0 Search vendor "Qemu" for product "Qemu" and version "2.5.0" | rc1 |
Affected
| ||||||
Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 2.5.0 Search vendor "Qemu" for product "Qemu" and version "2.5.0" | rc2 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 6.7 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "6.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | 6 Search vendor "Oracle" for product "Linux" and version "6" | - |
Affected
|