Lucene search

K
freebsdFreeBSD9AD8993E-B1BA-11E5-9728-002590263BF5
HistoryDec 15, 2015 - 12:00 a.m.

qemu -- denial of service vulnerability in VMWARE VMXNET3 NIC support

2015-12-1500:00:00
vuxml.freebsd.org
15

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

77.6%

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with a VMWARE VMXNET3 paravirtual NIC emulator
support is vulnerable to a memory leakage flaw. It occurs when a
guest repeatedly tries to activate the vmxnet3 device.
A privileged guest user could use this flaw to leak host memory,
resulting in DoS on the host.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchqemu< 2.5.0UNKNOWN
FreeBSDanynoarchqemu-devel< 2.5.0UNKNOWN
FreeBSDanynoarchqemu-sbruno< 2.5.50.g20160213UNKNOWN
FreeBSDanynoarchqemu-user-static< 2.5.50.g20160213UNKNOWN

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

77.6%