FKIE_CVE-2015-8817

Vulnerability from fkie_nvd - Published: 2016-12-29 22:59 - Updated: 2025-04-12 10:46
Severity ?
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.
References
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3
secalert@redhat.comhttp://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-2670.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-2671.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-2704.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-2705.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2016-2706.html
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/03/01/1Mailing List, Patch
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2016/03/01/10Mailing List, Patch
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1300771Issue Tracking
secalert@redhat.comhttps://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3
af854a3a-2127-422b-91ae-364da2661108http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-2670.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-2671.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-2704.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-2705.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2016-2706.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/03/01/1Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2016/03/01/10Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1300771Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.htmlMailing List
Impacted products
Vendor Product Version
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.0
qemu qemu 1.6.1
qemu qemu 1.6.2
qemu qemu 1.7.1
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.0
qemu qemu 2.0.2
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.0
qemu qemu 2.1.1
qemu qemu 2.1.2
qemu qemu 2.1.3
qemu qemu 2.2.0
qemu qemu 2.2.1
qemu qemu 2.3.0
qemu qemu 2.3.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7A7593-FAC0-4336-84AF-EC367059D5C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1E8BE223-9122-416D-AA1D-694B19C80A4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "331C6EE9-9DA2-4FE1-8446-C9CC21353332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "383C575E-724D-4F97-9E0C-CDE50499C3D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC5BC38-FFBD-4484-943D-47A0AADD20B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FC829F-2AC7-4CB5-8F03-967906DE9028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB18C9B-B1D6-44A6-A1E9-3D258DE797B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4745807B-A01D-41AE-8996-495176489A63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "D583599F-AE5E-40E4-8489-62FD1D0A7845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DE70D9B7-F422-455F-8413-CF34342B22AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E3946C39-A3D1-4E2B-9C7D-0654D9A644EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "7F858FD1-58A3-46ED-A3C6-64ECEDF8E458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3C61AE3-16C8-4EC6-B33D-7E331BEA8F0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A47A306F-4E42-467E-ACDA-62028DC93436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "F7AE8D2A-FD6E-447F-BDC1-6CAAA0DDB9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8E48B585-A3E2-45FC-AA92-5DB57180B7DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B0D54B9C-8C30-4186-A526-CE8AEE6252BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "E2F698F7-74B9-4C20-817D-1E8B92460E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "C4B9D60F-DC78-4270-A41D-3C29FF53F4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFAF4478-81BE-4891-8C13-0A8D8FEE46A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E873593D-95A1-4D69-800C-A8DB6A4C26E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9136A0D4-8334-4AC8-9267-8AC8397122CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08AC240A-4F83-400A-9D89-B5EE4183C7E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3461571-2158-44D9-89E5-5F8A873DEC95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48D79B3F-F3BD-495E-85F2-8BE40DA4D335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:qemu:qemu:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3982D53A-AB8A-4A68-B7FE-9179FCF1F678",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "QEMU (aka Quick Emulator) built to use \u0027address_space_translate\u0027 to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions \u003e= 1.6.0 and \u003c= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS."
    },
    {
      "lang": "es",
      "value": "QEMU (tambi\u00e9n conocido como Quick Emulator) construido para usar \u0027address_space_translate\u0027 para asignar una direcci\u00f3n a una MemoryRegionSection es vulnerable a un problema de acceso OOB r/w. Podr\u00eda ocurrir mientras se hacen llamadas pci_dma_read/write. Afecta las versiones de QEMU \u003e= 1.6.0 and \u003c= 2.3.1. Un usuario privilegiado dentro del hu\u00e9sped podr\u00eda usar esta falla para bloquear la instancia del hu\u00e9sped resultando en DoS."
    }
  ],
  "id": "CVE-2015-8817",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-29T22:59:00.323",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=23820dbfc79d1c9dce090b4c555994f2bb6a69b3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2670.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2671.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2704.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2705.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2706.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/03/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/03/01/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.