Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8666

Опубликовано: 24 дек. 2015
Источник: redhat
CVSS2: 2.9
EPSS Низкий

Описание

Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.

A heap-based buffer overflow flaw was discovered in the QEMU emulator built with the Q35-chipset-based PC system emulator. During VM-guest migration, more data (8 bytes) is moved than the allocated memory area. A privileged guest user could use this flaw to corrupt the VM guest image, which could potentially lead to a denial of service.

Отчет

This issue does not affect the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5. This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6, and the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. This issue does not affect the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 7. This issue does not affect the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kvmNot affected
Red Hat Enterprise Linux 6qemu-kvmNot affected
Red Hat Enterprise Linux 7qemu-kvmNot affected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)qemu-kvm-rhevNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)qemu-kvm-rhevNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1283722Qemu: acpi: heap based buffer overrun during VM migration

EPSS

Процентиль: 24%
0.00079
Низкий

2.9 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8666

CVSS3: 7.9
ubuntu
почти 9 лет назад

Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.

nvd логотип

CVE-2015-8666

CVSS3: 7.9
nvd
почти 9 лет назад

Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.

debian логотип

CVE-2015-8666

CVSS3: 7.9
debian
почти 9 лет назад

Heap-based buffer overflow in QEMU, when built with the Q35-chipset-ba ...

github логотип

GHSA-q6xv-hggq-8w4h

CVSS3: 7.9
github
больше 3 лет назад

Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.

fstec логотип

BDU:2017-01030

fstec
почти 9 лет назад

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 24%
0.00079
Низкий

2.9 Low

CVSS2