1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
PublicDateAtUSN: 2016-01-04
Candidate: CVE-2015-8744
PublicDate: 2016-12-29
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8744
http://www.openwall.com/lists/oss-security/2016/01/04/3
http://www.ubuntu.com/usn/usn-2891-1
Description:
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC
emulator support is vulnerable to crash issue. It occurs when a guest sends
a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest
user could use this flaw to crash the QEMU process instance resulting in
DoS.
Ubuntu-Description:
Notes:
Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1270871
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise_qemu-kvm: not-affected (code not present)
trusty_qemu-kvm: DNE
vivid_qemu-kvm: DNE
vivid/stable-phone-overlay_qemu-kvm: DNE
vivid/ubuntu-core_qemu-kvm: DNE
wily_qemu-kvm: DNE
devel_qemu-kvm: DNE
Patches_qemu:
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=a7278b36fcab9af469563bd7b
upstream_qemu: needs-triage
precise_qemu: DNE
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.22)
vivid_qemu: ignored (reached end-of-life)
vivid/stable-phone-overlay_qemu: DNE
vivid/ubuntu-core_qemu: DNE
wily_qemu: released (1:2.3+dfsg-5ubuntu9.2)
devel_qemu: not-affected (1:2.5+dfsg-1ubuntu3)
|