Back to search
CVE-2015-8817
Published: Dec 29, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2016:2671
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1300771
x_refsource_CONFIRM
RHSA-2016:2706
vendor-advisory
x_refsource_REDHAT
[oss-security] 20160301 CVE request Qemu: OOB access in address_space_rw leads to segmentation fault
mailing-list
x_refsource_MLIST
[oss-security] 20160301 Re: CVE request Qemu: OOB access in address_space_rw leads to segmentation fault
mailing-list
x_refsource_MLIST
RHSA-2016:2705
vendor-advisory
x_refsource_REDHAT
[qemu-stable] 20160127 [PATCH for v2.3.1] exec: Respect as_translate_internal length clamp
mailing-list
x_refsource_MLIST
RHSA-2016:2670
vendor-advisory
x_refsource_REDHAT
RHSA-2016:2704
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now