CVE-2015-8701

QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
qemuqemu
𝑥
≤ 2.5.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
jessie
not-affected
wheezy
not-affected
squeeze
not-affected
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
wily
not-affected
vivid
not-affected
trusty
not-affected
precise
dne
qemu-kvm
wily
dne
vivid
dne
trusty
dne
precise
not-affected
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/12/28/6
http://www.openwall.com/lists/oss-security/2015/12/29/1
http://www.securityfocus.com/bid/79706
https://bugzilla.redhat.com/show_bug.cgi?id=1286971
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html
https://security.gentoo.org/glsa/201602-01
http://www.openwall.com/lists/oss-security/2015/12/28/6
http://www.openwall.com/lists/oss-security/2015/12/29/1
http://www.securityfocus.com/bid/79706
https://bugzilla.redhat.com/show_bug.cgi?id=1286971
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04629.html
https://security.gentoo.org/glsa/201602-01