CVE-2015-7295

Опубликовано: 18 сент. 2015

Источник: redhat

CVSS2: 3.3

Описание

hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface.

A flaw has been discovered in the QEMU emulator built with Virtual Network Device(virtio-net) support. If the guest's virtio-net driver did not support big or mergeable receive buffers, an issue could occur while receiving large packets over the tuntap/ macvtap interfaces. An attacker on the local network could use this flaw to disable the guest's networking; the user could send a large number of jumbo frames to the guest, which could exhaust all receive buffers, and lead to a denial of service.

Отчет

This issue affects the versions of kvm package as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7. This issue affects the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. This issue affects the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kvm	Will not fix
Red Hat Enterprise Linux 5	xen	Not affected
Red Hat Enterprise Linux 6	qemu-kvm	Will not fix
Red Hat Enterprise Linux 7	qemu-kvm	Will not fix
Red Hat Enterprise Linux 7	qemu-kvm-rhev	Will not fix
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	qemu-kvm-rhev	Will not fix
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	qemu-kvm-rhev	Will not fix
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)	qemu-kvm-rhev	Will not fix