ID CVE-2015-7549
Summary The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:*:r1:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:*:r1:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 21-11-2017 - 15:31)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 80761
confirm
debian DSA-3471
fedora FEDORA-2016-e9bba2bb01
gentoo GLSA-201602-01
mlist [oss-security] 20151214 CVE-2015-7549 Qemu: pci: msi-x: null pointer dereference issue
Last major update 21-11-2017 - 15:31
Published 30-10-2017 - 14:29
Back to Top