7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Multiple vulnerabilities in qemu-kvm affect IBM SmartCloud Provisioning V2.1 for IBM Software Virtual Appliance.
Please note product software support discontinuance as per IBM Withdrawal Announcement 916-016.
For withdrawal announcement information details see the Reference section below.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.
CVEID: CVE-2015-5279**
DESCRIPTION:** Qemu is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the ne2000_receive() function. By sending specially crafted packets, a remote attacker from within the local network could overflow a buffer and execute arbitrary code on the system or cause the Qemu instance to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2015-4037**
DESCRIPTION:** QEMU is vulnerable to a denial of service, caused by insecure temporary file use in /net/slirp.c. An attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103526 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVEID: CVE-2015-5239**
DESCRIPTION:** QEMU, built with the VNC display driver, is vulnerable to a denial of service, caused by an integer overflow in the vnc_client_read() and protocol_client_msg() functions. A local authenticated attacker could exploit this vulnerability using a CLIENT_CUT_TEXT message with a specially crafted payload string to trigger an infinite loop within the VNC driver and cause the Qemu process to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106091 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2015-5278**
DESCRIPTION:** Qemu is vulnerable to a denial of service, caused by an error in the ne2000_receive() function. By sending specially crafted packets, a remote attacker from within the local network could exploit this vulnerability to cause the application to enter into an infinite loop and crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-6855**
DESCRIPTION:** Qemu is vulnerable to a denial of service, caused by a divide-by-zero error within an emulator built with IDE disk and CD/DVD-ROM emulation support when executing IDE’s WIN_READ_NATIVE_MAX command. A remote authenticated attacker could exploit this vulnerability to cause the QEMU instance to crash.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106313 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
All releases of IBM SmartCloud Provisioning V2.1 for IBM Software Virtual Appliance
Please note product software support discontinuance as per IBM Withdrawal Announcement 916-016.
If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.
For withdrawal announcement information details see the Reference section below.
None.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C