Lucene search
+L

10 matches found

redhat
redhat
added 2021/11/03 8:57 a.m.2 views

QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...

7.5CVSS6.8AI score0.00522EPSS
Exploits0References4
debian
debian
added 2016/02/08 7:45 p.m.43 views

[SECURITY] [DSA 3470-1] qemu-kvm security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3470-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 08, 2016 https://www.debian.org/security/faq -...

9CVSS9AI score0.0773EPSS
Exploits1
openvas
openvas
added 2016/02/08 12:0 a.m.41 views

Debian Security Advisory DSA 3469-1 (qemu - security update)

Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware. CVE-2015-7295 Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service via resource exhaustion, that could occur when receiving large packets...

9.3CVSS0.7AI score0.0773EPSS
Exploits1References1
nvd
nvd
added 2015/11/09 4:59 p.m.26 views

CVE-2015-7295

hw/virtio/virtio.c in the Virtual Network Device virtio-net support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service guest network consumption via a flood of jumbo frames on the 1 tuntap or 2 macvtap interface...

5CVSS8.6AI score0.04935EPSS
Exploits0References10
prion
prion
added 2015/11/09 4:59 p.m.20 views

Design/Logic Flaw

hw/virtio/virtio.c in the Virtual Network Device virtio-net support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service guest network consumption via a flood of jumbo frames on the 1 tuntap or 2 macvtap interface...

5CVSS6.9AI score0.04935EPSS
Exploits0References10Affected Software3
cvelist
cvelist
added 2015/11/09 4:0 p.m.35 views

CVE-2015-7295

hw/virtio/virtio.c in the Virtual Network Device virtio-net support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service guest network consumption via a flood of jumbo frames on the 1 tuntap or 2 macvtap interface...

7.3AI score0.04935EPSS
Exploits0References10
cve
cve
added 2015/11/09 4:0 p.m.111 views

CVE-2015-7295

CVE-2015-7295 affects QEMU virtio-net (Virtual Network Device) where, if big or mergeable receive buffers are not supported, a remote attacker can cause a denial of service by flooding jumbo frames on tuntap or macvtap, exhausting guest network receive buffers. Affected product area: QEMU’s virti...

5CVSS7.2AI score0.04935EPSS
Exploits0References10Affected Software1
ubuntucve
ubuntucve
added 2015/11/09 12:0 a.m.28 views

CVE-2015-7295

hw/virtio/virtio.c in the Virtual Network Device virtio-net support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service guest network consumption via a flood of jumbo frames on the 1 tuntap or 2 macvtap interface...

5CVSS7.1AI score0.04935EPSS
Exploits0References3
mageia
mageia
added 2015/10/13 10:40 p.m.65 views

Updated qemu packages fixes security vulnerabilities

Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in the NE2000 NIC emulation. A privileged guest user could use this flaw to mount a denial of service QEMU process crash. CVE-2015-5278 Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw in the NE2000 NIC emulation....

7.2CVSS8.7AI score0.04935EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2012/05/29 12:0 a.m.4 views

PT-2012-3829 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.4.5 Description: The issue is related to the sock alloc send pskb function in the Linux kernel, which does not properly validate a certain length value. This can be exploited by local users to cause a denial o...

7.8CVSS6.8AI score0.00713EPSS
Exploits5References74
Rows per page
Query Builder