Your submission was sent successfully! Close

CVE-2015-3209

Published: 10 June 2015

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Priority

High

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (2.0.0+dfsg-2ubuntu1.13)
upstream Needs triage

utopic
Released (2.1+dfsg-4ubuntu6.7)
vivid
Released (1:2.2+dfsg-5expubuntu9.2)
Patches:
upstream: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=7b50d00911ddd6d56a766ac5671e47304c20a21b (bp)
qemu-kvm
Launchpad, Ubuntu, Debian
precise
Released (1.0+noroms-0ubuntu14.23)
trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist

xen
Launchpad, Ubuntu, Debian
precise
Released (4.1.6.1-0ubuntu0.12.04.6)
trusty Does not exist
(trusty was released [4.4.2-0ubuntu0.14.04.2])
upstream Needed

utopic Ignored
(reached end-of-life)
vivid Not vulnerable
(code not present)
Binaries built from this source package are in Universe and so are supported by the community.