CVE-2015-6815

Опубликовано: 05 сент. 2015

Источник: redhat

CVSS2: 2.3

Описание

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

A flaw was found in the way a QEMU-emulated e1000 network interface card processed transmit descriptor data when sending a network packet. A privileged guest user could use this flaw to crash the guest.

Отчет

This issue affects the versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7. This issue affects the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. This issue affect the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kvm	Will not fix
Red Hat Enterprise Linux 5	xen	Will not fix
Red Hat Enterprise Linux 6	qemu-kvm	Will not fix
Red Hat Enterprise Linux 7	qemu-kvm	Will not fix
Red Hat Enterprise Linux 7	qemu-kvm-rhev	Will not fix
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	qemu-kvm-rhev	Will not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	qemu-kvm-rhev	Will not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)	qemu-kvm-rhev	Will not fix