CVE-2015-8701
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue.
QEMU (también conocido como Quick Emulator) construido con el soporte de emulación switch Rocker es vulnerable a un error off-by-one. Sucede mientras se procesan los descriptores de transmisión (tx) en rutina 'tx_consume', si un descriptor debía tener más fragmentos (ROCKER_TX_FRAGS_MAX=16) de los permitidos. Un usuario privilegiado dentro del huésped podría usar esta falla para provocar fuga de memoria en el host o bloquear la instacia de proceso QEMU resultando en un problema de DoS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-29 CVE Reserved
- 2016-02-04 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-193: Off-by-one Error
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/12/28/6 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2015/12/29/1 | Mailing List |
|
| http://www.securityfocus.com/bid/79706 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1286971 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html | 2020-11-10 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201602-01 | 2020-11-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | <= 2.5.1.1 Search vendor "Qemu" for product "Qemu" and version " <= 2.5.1.1" | - |
Affected
| ||||||