CVE-2015-8504 — Divide By Zero in Qemu

CWE-369 — Divide By Zero10 documents7 sources

Severity

6.5MEDIUMNVD

OSV6.0

EPSS

2.8%

top 13.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu Debian Qemu Debian Linux

Timeline

PublishedApr 11

Latest updateMay 13

Description

Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/qemu< qemu 1:2.5+dfsg-1 (bookworm)

▶Debianqemu/qemu< 1:2.5+dfsg-1+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.22

▶NVDqemu/qemu2.4.1+1

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-g957-g6mh-xp98: Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) vi↗2022-05-13

▶

OSV

CVE-2015-8504: Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) vi↗2017-04-11

▶

OSV

qemu, qemu-kvm vulnerabilities↗2016-02-03

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2016-02-03

▶

Red Hat

Qemu: ui: vnc: avoid floating point exception↗2015-12-03

▶

Debian

CVE-2015-8504: qemu - Qemu, when built with VNC display driver support, allows remote attackers to cau...↗2015

▶

💬Community

Bugzilla

CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception↗2015-12-08

▶

Bugzilla

CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception [fedora-all]↗2015-12-08

▶

Bugzilla

CVE-2015-8504 xen: Qemu: ui: vnc: avoid floating point exception [fedora-all]↗2015-12-08

▶