Package qemu updated to version 1.4.0-alt1.1.M70C.3 for branch c7 in task 154148.

Published: 2017-10-16
Modified: 2025-04-20

CVE-2015-7504

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References:

Published: 2016-01-08
Modified: 2025-04-12

CVE-2015-7512

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.0) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References:

Version: 2.1.2

Package qemu update in c7 on 2015-12-02

ALT-PU-2015-2048-1

Closed vulnerabilities

CVE-2015-7504

CVE-2015-7512