ALT-PU-2015-2048-1
Closed vulnerabilities
Published: 2017-10-16
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-7504
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References:
- RHSA-2015:2694
- RHSA-2015:2694
- RHSA-2015:2695
- RHSA-2015:2695
- RHSA-2015:2696
- RHSA-2015:2696
- DSA-3469
- DSA-3469
- DSA-3470
- DSA-3470
- DSA-3471
- DSA-3471
- [oss-security] 20151130 CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode
- [oss-security] 20151130 CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode
- 78227
- 78227
- 1034268
- 1034268
- http://xenbits.xen.org/xsa/advisory-162.html
- http://xenbits.xen.org/xsa/advisory-162.html
- [Qemu-devel] 20151130 [PATCH for 2.5 1/2] net: pcnet: add check to validate receive data size(CVE-2015-7504)
- [Qemu-devel] 20151130 [PATCH for 2.5 1/2] net: pcnet: add check to validate receive data size(CVE-2015-7504)
- GLSA-201602-01
- GLSA-201602-01
- GLSA-201604-03
- GLSA-201604-03
Published: 2016-01-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-7512
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
Severity: CRITICAL (9.0)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
References:
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f
- RHSA-2015:2694
- RHSA-2015:2694
- RHSA-2015:2695
- RHSA-2015:2695
- RHSA-2015:2696
- RHSA-2015:2696
- DSA-3469
- DSA-3469
- DSA-3470
- DSA-3470
- DSA-3471
- DSA-3471
- [oss-security] 20151130 CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode
- [oss-security] 20151130 CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- 78230
- 78230
- 1034527
- 1034527
- GLSA-201602-01
- GLSA-201602-01