6.5

CVE-2015-8701

QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QemuQemu Version <= 2.5.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.307
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2 4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-193 Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

https://security.gentoo.org/glsa/201602-01
Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/12/28/6
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2015/12/29/1
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/79706
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1286971
Issue Tracking
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html
Patch
Vendor Advisory