CVE-2015-8745

Published: 04 January 2016

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
qemu Launchpad, Ubuntu, Debian	Upstream	Needs triage






	Ubuntu 14.04 ESM (Trusty Tahr)	Released (2.0.0+dfsg-2ubuntu1.22)
	Patches: Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=c6048f849c7e3f009786df76206e895
qemu-kvm Launchpad, Ubuntu, Debian	Upstream	Needs triage






	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8745
http://www.openwall.com/lists/oss-security/2016/01/04/4
https://ubuntu.com/security/notices/USN-2891-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=1270876

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›