ID CVE-2015-8567
Summary Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp2:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp2:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_module_for_legacy_software:12:*:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_module_for_legacy_software:12:*:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp2:*:*:*:vmware:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp2:*:*:*:vmware:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp2:*:*:ltss:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp2:*:*:ltss:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*
  • cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:C
refmap via4
bid 79721
debian DSA-3471
fedora
  • FEDORA-2016-275e9ff483
  • FEDORA-2016-2c15b72b01
  • FEDORA-2016-42778e8c82
  • FEDORA-2016-e1784417af
gentoo GLSA-201602-01
mlist
  • [oss-security] 20151215 Re: CVE request Qemu: net: vmxnet3: host memory leakage
  • [qemu-devel] 20151215 Re: [Qemu-devel] net: vmxnet3: memory leakage issue
suse
  • SUSE-SU-2016:0873
  • SUSE-SU-2016:0955
  • SUSE-SU-2016:1318
  • SUSE-SU-2016:1560
  • SUSE-SU-2016:1703
  • openSUSE-SU-2016:0123
  • openSUSE-SU-2016:0126
  • openSUSE-SU-2016:1750
ubuntu USN-2891-1
Last major update 30-10-2018 - 16:27
Published 13-04-2017 - 17:59
Back to Top