fkie_cve-2015-8817
Vulnerability from fkie_nvd
Published: 2016-12-29 22:59
Modified: 2025-04-12 10:46
Summary
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.
References
secalert@redhat.com: http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3
secalert@redhat.com: http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459
secalert@redhat.com: http://rhn.redhat.com/errata/RHSA-2016-2670.html
secalert@redhat.com: http://rhn.redhat.com/errata/RHSA-2016-2671.html
secalert@redhat.com: http://rhn.redhat.com/errata/RHSA-2016-2704.html
secalert@redhat.com: http://rhn.redhat.com/errata/RHSA-2016-2705.html
secalert@redhat.com: http://rhn.redhat.com/errata/RHSA-2016-2706.html
secalert@redhat.com: http://www.openwall.com/lists/oss-security/2016/03/01/1 (Mailing List, Patch)
secalert@redhat.com: http://www.openwall.com/lists/oss-security/2016/03/01/10 (Mailing List, Patch)
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=1300771 (Issue Tracking)
secalert@redhat.com: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html (Mailing List)
af854a3a-2127-422b-91ae-364da2661108: http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3
af854a3a-2127-422b-91ae-364da2661108: http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459
af854a3a-2127-422b-91ae-364da2661108: http://rhn.redhat.com/errata/RHSA-2016-2670.html
af854a3a-2127-422b-91ae-364da2661108: http://rhn.redhat.com/errata/RHSA-2016-2671.html
af854a3a-2127-422b-91ae-364da2661108: http://rhn.redhat.com/errata/RHSA-2016-2704.html
af854a3a-2127-422b-91ae-364da2661108: http://rhn.redhat.com/errata/RHSA-2016-2705.html
af854a3a-2127-422b-91ae-364da2661108: http://rhn.redhat.com/errata/RHSA-2016-2706.html
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2016/03/01/1 (Mailing List, Patch)
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2016/03/01/10 (Mailing List, Patch)
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=1300771 (Issue Tracking)
af854a3a-2127-422b-91ae-364da2661108: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html (Mailing List)
Impacted products
Vendor Product Version
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.1
qemu qemu 1.6.2
qemu qemu 1.7.1
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.2
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.1
qemu qemu 2.1.2
qemu qemu 2.1.3
qemu qemu 2.2.0
qemu qemu 2.2.1
qemu qemu 2.3.0
qemu qemu 2.3.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A7593-FAC0-4336-84AF-EC367059D5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E8BE223-9122-416D-AA1D-694B19C80A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "331C6EE9-9DA2-4FE1-8446-C9CC21353332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "383C575E-724D-4F97-9E0C-CDE50499C3D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC5BC38-FFBD-4484-943D-47A0AADD20B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FC829F-2AC7-4CB5-8F03-967906DE9028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB18C9B-B1D6-44A6-A1E9-3D258DE797B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4745807B-A01D-41AE-8996-495176489A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "D583599F-AE5E-40E4-8489-62FD1D0A7845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DE70D9B7-F422-455F-8413-CF34342B22AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E3946C39-A3D1-4E2B-9C7D-0654D9A644EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7F858FD1-58A3-46ED-A3C6-64ECEDF8E458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3C61AE3-16C8-4EC6-B33D-7E331BEA8F0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A47A306F-4E42-467E-ACDA-62028DC93436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "F7AE8D2A-FD6E-447F-BDC1-6CAAA0DDB9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8E48B585-A3E2-45FC-AA92-5DB57180B7DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B0D54B9C-8C30-4186-A526-CE8AEE6252BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2F698F7-74B9-4C20-817D-1E8B92460E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "C4B9D60F-DC78-4270-A41D-3C29FF53F4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAF4478-81BE-4891-8C13-0A8D8FEE46A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E873593D-95A1-4D69-800C-A8DB6A4C26E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9136A0D4-8334-4AC8-9267-8AC8397122CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08AC240A-4F83-400A-9D89-B5EE4183C7E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3461571-2158-44D9-89E5-5F8A873DEC95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48D79B3F-F3BD-495E-85F2-8BE40DA4D335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3982D53A-AB8A-4A68-B7FE-9179FCF1F678",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "QEMU (aka Quick Emulator) built to use \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions \u003e= 1.6.0 and \u003c= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS."
    },
    {
      "lang": "es",
      "value": "QEMU (tambi\u00e9n conocido como Quick Emulator) construido para usar \u0027address_space_translate\u0027 para asignar una direcci\u00f3n a una MemoryRegionSection es vulnerable a un problema de acceso OOB r/w. Podr\u00eda ocurrir mientras se hacen llamadas pci_dma_read/write. Afecta las versiones de QEMU \u003e= 1.6.0 and \u003c= 2.3.1. Un usuario privilegiado dentro del hu\u00e9sped podr\u00eda usar esta falla para bloquear la instancia del hu\u00e9sped resultando en DoS."
    }
  ],
  "id": "CVE-2015-8817",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-29T22:59:00.323",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

