Computer Security
[EN] securityvulns.ru no-pyccku


libvirt / qemu multiple security vulnerabilities
Published:12.10.2015
Source:
SecurityVulns ID:14718
Type:library
Threat Level:
6/10
Description:DoS, memory corruptions.
Affected:QEMU : QEMU 2.4
CVE:CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.)
 CVE-2015-6815
 CVE-2015-5279 (Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.)
 CVE-2015-5278
 CVE-2015-5239
Original documentdocumentUBUNTU, [USN-2745-1] QEMU vulnerabilities (12.10.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod