CVE-2015-8745Reachable Assertion in Qemu

CWE-617Reachable Assertion10 documents7 sources
Severity
5.5MEDIUMNVD
OSV6.0
EPSS
0.1%
top 79.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
QemuDebian QemuDebian Linux
Timeline
PublishedDec 29
Latest updateMay 13

Description

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

debiandebian/qemu< qemu 1:2.5+dfsg-1 (bookworm)
Debianqemu/qemu< 1:2.5+dfsg-1+3
Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.22
NVDqemu/qemu2.4.1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-c86g-2x4g-v7wf: QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue2022-05-13
OSV
CVE-2015-8745: QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue2016-12-29
OSV
qemu, qemu-kvm vulnerabilities2016-02-03

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2016-02-03
Red Hat
Qemu: net: vmxnet3: reading IMR registers leads to a crash via assert(2) call2015-10-12
Debian
CVE-2015-8745: qemu - QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator s...2015

💬Community

3
Bugzilla
CVE-2015-8745 xen: qemu: Support reading IMR registers on bar0 [fedora-all]2016-01-04
Bugzilla
CVE-2015-8745 qemu: Support reading IMR registers on bar0 [fedora-all]2016-01-04
Bugzilla
CVE-2015-8745 Qemu: net: vmxnet3: reading IMR registers leads to a crash via assert(2) call2015-10-12