Your submission was sent successfully! Close

CVE-2015-5745

Published: 6 August 2015

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (2.0.0+dfsg-2ubuntu1.17)
upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid
Released (1:2.2+dfsg-5expubuntu9.4)
Patches:
upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=7882080388be5088e72c425b02223c02e6cb4295
qemu-kvm
Launchpad, Ubuntu, Debian
precise Not vulnerable
(code not present)
trusty Does not exist

upstream Needs triage

utopic Does not exist

vivid Does not exist