CVE-2015-8568Missing Release of Resource after Effective Lifetime in Qemu

CWE-772Missing Release of Resource after Effective LifetimeCWE-401Missing Release of Memory after Effective Lifetime10 documents7 sources
Severity
6.5MEDIUMNVD
OSV6.0
EPSS
0.1%
top 81.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QemuDebian QemuDebian Linux
Timeline
PublishedApr 11
Latest updateMay 13

Description

Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

debiandebian/qemu< qemu 1:2.5+dfsg-3 (bookworm)
Debianqemu/qemu< 1:2.5+dfsg-3+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.22
NVDqemu/qemu2.5.1

Also affects: Debian Linux 8.0

Patches

Patch: bugzilla.redhat.comPatch: lists.gnu.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-wp6g-r7h4-vcwr: Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host me2022-05-13
OSV
CVE-2015-8568: Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host me2017-04-11
OSV
qemu, qemu-kvm vulnerabilities2016-02-03

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2016-02-03
Red Hat
Qemu: net: vmxnet3: host memory leakage2015-12-02
Debian
CVE-2015-8568: qemu - Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator s...2015

💬Community

3
Bugzilla
CVE-2015-8567 CVE-2015-8568 xen: Qemu: net: vmxnet3: host memory leakage [fedora-all]2015-12-09
Bugzilla
CVE-2015-8567 CVE-2015-8568 Qemu: net: vmxnet3: host memory leakage2015-12-09
Bugzilla
CVE-2015-8567 CVE-2015-8568 Qemu: net: vmxnet3: host memory leakage [fedora-all]2015-12-09