Computer Security
[EN] no-pyccku

libvirt / qemu multiple security vulnerabilities
SecurityVulns ID:14718
Threat Level:
Description:DoS, memory corruptions.
Affected:QEMU : QEMU 2.4
CVE:CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.)
 CVE-2015-5279 (Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.)
Original documentdocumentUBUNTU, [USN-2745-1] QEMU vulnerabilities (12.10.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod