Back to search
CVE-2015-8744
Published: Dec 29, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=1270871
x_refsource_CONFIRM
79821
vdb-entry
x_refsource_BID
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=a7278b36fcab9af469563bd7b
x_refsource_CONFIRM
[oss-security] 20160104 CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash
mailing-list
x_refsource_MLIST
[oss-security] 20160104 Re: CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash
mailing-list
x_refsource_MLIST
DSA-3471
vendor-advisory
x_refsource_DEBIAN
1034576
vdb-entry
x_refsource_SECTRACK
GLSA-201602-01
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now