Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-8613

Опубликовано: 11 апр. 2017
Источник: debian

Описание

Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
qemufixed1:2.5+dfsg-3package
qemunot-affectedwheezypackage
qemunot-affectedsqueezepackage
qemu-kvmnot-affectedpackage

Примечания

  • https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html

  • https://bugzilla.redhat.com/show_bug.cgi?id=1284008

  • https://www.openwall.com/lists/oss-security/2015/12/21/7

  • LSI Megaraid SAS HBA emulation introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)

Связанные уязвимости

ubuntu логотип

CVE-2015-8613

CVSS3: 6.5
ubuntu
почти 9 лет назад

Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.

redhat логотип

CVE-2015-8613

redhat
около 10 лет назад

Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.

nvd логотип

CVE-2015-8613

CVSS3: 6.5
nvd
почти 9 лет назад

Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.

github логотип

GHSA-62p4-wgww-h3qr

CVSS3: 6.5
github
больше 3 лет назад

Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command.

fstec логотип

BDU:2017-01032

fstec
почти 9 лет назад

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании