CVE-2015-8744Improper Input Validation in Qemu

CWE-20Improper Input ValidationCWE-617Reachable Assertion10 documents7 sources
Severity
5.5MEDIUMNVD
OSV6.0
EPSS
0.1%
top 79.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QemuDebian QemuDebian Linux
Timeline
PublishedDec 29
Latest updateMay 13

Description

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/qemu< qemu 1:2.5+dfsg-1 (bookworm)
Debianqemu/qemu< 1:2.5+dfsg-1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.22
NVDqemu/qemu2.4.1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-5hxw-v9gx-rf25: QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue2022-05-13
OSV
CVE-2015-8744: QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue2016-12-29
OSV
qemu, qemu-kvm vulnerabilities2016-02-03

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2016-02-03
Red Hat
Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call2015-10-12
Debian
CVE-2015-8744: qemu - QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator s...2015

💬Community

3
Bugzilla
CVE-2015-8744 qemu: Incorrect l2 header validation causes crash for packets shorter than 22 bytes [fedora-all]2016-01-04
Bugzilla
CVE-2015-8744 xen: qemu: Incorrect l2 header validation causes crash for packets shorter than 22 bytes [fedora-all]2016-01-04
Bugzilla
CVE-2015-8744 Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call2015-10-12