CVE-2015-8743

Published: 04 January 2016

QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes.

Priority

CVSS 3 base score: 7.1

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	Upstream	Needs triage




	Ubuntu 16.04 LTS (Xenial Xerus)	Released (1:2.5+dfsg-1ubuntu5)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (2.0.0+dfsg-2ubuntu1.22)
	Patches: Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=aa7f9966dfdff500bbbf1956d9e115b1fa8987a6
qemu-kvm Launchpad, Ubuntu, Debian	Upstream	Needs triage




	Ubuntu 16.04 LTS (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

References

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=1264929

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM