CVE-2015-5745
Published 2020-01-23
Priority P431 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.01% (85.7th percentile)
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arista | eos | — | — |
| arista | eos | — | — |
| arista | eos | — | — |
| arista | eos | — | — |
| debian | qemu | < qemu 1:2.4+dfsg-1a (bookworm) | qemu 1:2.4+dfsg-1a (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| qemu | qemu | < 2.4.0 | 2.4.0 |
| qemu | qemu | — | — |
| qemu | qemu | >= 0 < 1:2.4+dfsg-1a | 1:2.4+dfsg-1a |
| qemu | qemu | >= 0 < 1:2.4+dfsg-1a | 1:2.4+dfsg-1a |
| qemu | qemu | >= 0 < 1:2.4+dfsg-1a | 1:2.4+dfsg-1a |
| qemu | qemu | >= 0 < 1:2.4+dfsg-1a | 1:2.4+dfsg-1a |
| qemu | qemu | >= 0 < 2.0.0+dfsg-2ubuntu1.17 | 2.0.0+dfsg-2ubuntu1.17 |
CVSS provenance
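| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |
| vendor_ubuntu | | 4.9 | MEDIUM | |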
GHSA
GHSA-w8v5-w883-3mh3: Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus
ghsa_unreviewed·2022-05-24
CVE-2015-5745 [MEDIUM] CWE-120 GHSA-w8v5-w883-3mh3: Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
OSV
CVE-2015-5745: Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus
osv·2020-01-23·CVSS 6.5
CVE-2015-5745 [MEDIUM] CVE-2015-5745: Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
OSV
qemu, qemu-kvm vulnerabilities
osv·2015-08-27·CVSS 4.9
CVE-2014-9718 [MEDIUM] qemu, qemu-kvm vulnerabilities
qemu, qemu-kvm vulnerabilities
It was discovered that QEMU incorrectly handled a PRDT with zero complete
sectors in the IDE functionality. A malicious guest could possibly use
this issue to cause a denial of service. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9718)
Donghai Zhu discovered that QEMU incorrectly handled the RTL8139 driver.
A malicious guest could possibly use this issue to read sensitive
information from arbitrary host memory. (CVE-2015-5165)
Donghai Zhu discovered that QEMU incorrectly handled unplugging emulated
block devices. A malicious guest could use this issue to cause a denial of
service, or possibly execute arbitrary code on the host as the user running
the QEMU process. In the default installation, when QEMU is used with
libvirt, at
Ubuntu
QEMU vulnerabilities
vendor_ubuntu·2015-08-27·CVSS 4.9
CVE-2014-9718 [MEDIUM] QEMU vulnerabilities
Title: QEMU vulnerabilities
Summary: Several security issues were fixed in QEMU.
It was discovered that QEMU incorrectly handled a PRDT with zero complete
sectors in the IDE functionality. A malicious guest could possibly use
this issue to cause a denial of service. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9718)
Donghai Zhu discovered that QEMU incorrectly handled the RTL8139 driver.
A malicious guest could possibly use this issue to read sensitive
information from arbitrary host memory. (CVE-2015-5165)
Donghai Zhu discovered that QEMU incorrectly handled unplugging emulated
block devices. A malicious guest could use this issue to cause a denial of
service, or possibly execute arbitrary code on the host as the user running
the QEMU process. In the defau
Red Hat
kernel: qemu buffer overflow in virtio-serial
vendor_redhat·2015-07-23·CVSS 6.5
CVE-2015-5745 [MEDIUM] CWE-122 kernel: qemu buffer overflow in virtio-serial
kernel: qemu buffer overflow in virtio-serial
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
The Qemu emulator built with virtio-serial vmchannel support is vulnerable to a buffer overflow issue while exchanging virtio control messages between the guest and the host. A malicious guest could use this flaw to corrupt a few bytes of the Qemu memory area, potentially crashing the Qemu process.
Statement: This issue does not affect the versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5.
This issue affects the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7.
This issue affects the Red H
Debian
CVE-2015-5745: qemu - Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c ...
vendor_debian·2015·CVSS 6.5
CVE-2015-5745 [MEDIUM] CVE-2015-5745: qemu - Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c ...
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.
Scope: local
bookworm: resolved (fixed in 1:2.4+dfsg-1a)
bullseye: resolved (fixed in 1:2.4+dfsg-1a)
forky: resolved (fixed in 1:2.4+dfsg-1a)
sid: resolved (fixed in 1:2.4+dfsg-1a)
trixie: resolved (fixed in 1:2.4+dfsg-1a)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-5745 xen: kernel: qemu buffer overflow in virtio-serial [fedora-all]
bugzilla·2015-08-07·CVSS 6.5
CVE-2015-5745 [MEDIUM] CVE-2015-5745 xen: kernel: qemu buffer overflow in virtio-serial [fedora-all]
CVE-2015-5745 xen: kernel: qemu buffer overflow in virtio-serial [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of
Bugzilla
CVE-2015-5745 qemu: kernel: qemu buffer overflow in virtio-serial [fedora-all]
bugzilla·2015-08-06·CVSS 6.5
CVE-2015-5745 [MEDIUM] CVE-2015-5745 qemu: kernel: qemu buffer overflow in virtio-serial [fedora-all]
CVE-2015-5745 qemu: kernel: qemu buffer overflow in virtio-serial [fedora-all]
Bugzilla
CVE-2015-5745 kernel: qemu buffer overflow in virtio-serial
bugzilla·2015-08-06·CVSS 6.5
CVE-2015-5745 [MEDIUM] CVE-2015-5745 kernel: qemu buffer overflow in virtio-serial
CVE-2015-5745 kernel: qemu buffer overflow in virtio-serial
It was reported that the Qemu emulator built with virtio-serial vmchannel support is vulnerable to a buffer overflow issue. It could occur while exchanging virtio control messages between the guest and the host.
A malicious guest could use this flaw to corrupt a few bytes of the Qemu memory area, potentially crashing the Qemu process.
Upstream fix:
-> git.qemu.org/?p=qemu.git;a=commit;h=7882080388be5088e72c425b02223c02e6cb4295
Reference:
-> http://seclists.org/oss-sec/2015/q3/302
Discussion:
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1251160]
---
Statement:
This issue does not affect the versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5.
This issue affects the versions of the qemu-
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
http://www.openwall.com/lists/oss-security/2015/08/06/3
http://www.openwall.com/lists/oss-security/2015/08/06/5
https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295
https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13