CVE-2015-7549 — NULL Pointer Dereference in Qemu

CWE-476 — NULL Pointer Dereference10 documents7 sources

Severity

6.0MEDIUMNVD

EPSS

0.1%

top 69.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu

Timeline

PublishedOct 30

Latest updateMay 17

Description

The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages4 packages

▶NVDqemu/qemu< 2.5.0

▶debiandebian/qemu< qemu 1:2.5+dfsg-1 (bookworm)

▶Debianqemu/qemu< 1:2.5+dfsg-1+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.22

🔴Vulnerability Details

GHSA

GHSA-v683-5725-54rp: The MSI-X MMIO support in hw/pci/msix↗2022-05-17

▶

OSV

CVE-2015-7549: The MSI-X MMIO support in hw/pci/msix↗2017-10-30

▶

OSV

qemu, qemu-kvm vulnerabilities↗2016-02-03

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2016-02-03

▶

Red Hat

Qemu: pci: null pointer dereference issue↗2015-10-24

▶

Debian

CVE-2015-7549: qemu - The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows loca...↗2015

▶

💬Community

Bugzilla

CVE-2015-7549 Qemu: pci: null pointer dereference issue↗2015-12-14

▶

Bugzilla

CVE-2015-7549 Qemu: pci: null pointer dereference issue [fedora-all]↗2015-12-14

▶

Bugzilla

CVE-2015-7549 xen: Qemu: pci: null pointer dereference issue [fedora-all]↗2015-12-14

▶