CVE-2015-5745

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html

http://www.openwall.com/lists/oss-security/2015/08/06/3

http://www.openwall.com/lists/oss-security/2015/08/06/5

https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295

https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html

Details

Source: MITRE

Published: 2020-01-23

Updated: 2020-01-28

Type: CWE-120

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
137489EulerOS 2.0 SP2 : qemu-kvm (EulerOS-SA-2020-1647)NessusHuawei Local Security Checks
high
135559EulerOS 2.0 SP3 : qemu-kvm (EulerOS-SA-2020-1430)NessusHuawei Local Security Checks
critical
93180SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1)NessusSuSE Local Security Checks
critical
93170SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1703-1)NessusSuSE Local Security Checks
critical
93169SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1)NessusSuSE Local Security Checks
critical
91980openSUSE Security Update : qemu (openSUSE-2016-839)NessusSuSE Local Security Checks
critical
91660SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1560-1)NessusSuSE Local Security Checks
critical
89456Fedora 22 : xen-4.5.1-9.fc22 (2015-efc1d7ba5e)NessusFedora Local Security Checks
high
89186Fedora 23 : xen-4.5.1-9.fc23 (2015-28cfce6702)NessusFedora Local Security Checks
high
89126Fedora 21 : xen-4.4.3-4.fc21 (2015-015aec3bf2)NessusFedora Local Security Checks
high
88587GLSA-201602-01 : QEMU: Multiple vulnerabilities (Venom)NessusGentoo Local Security Checks
critical
87688FreeBSD : qemu -- buffer overflow vulnerability in virtio-serial message exchanges (21e5abe3-b0c6-11e5-8d13-bc5ff45d0f28)NessusFreeBSD Local Security Checks
medium
85755Debian DSA-3349-1 : qemu-kvm - security updateNessusDebian Local Security Checks
medium
85754Debian DSA-3348-1 : qemu - security updateNessusDebian Local Security Checks
medium
85727Fedora 21 : qemu-2.1.3-9.fc21 (2015-13404)NessusFedora Local Security Checks
high
85683Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : qemu, qemu-kvm vulnerabilities (USN-2724-1)NessusUbuntu Local Security Checks
medium
85592Fedora 23 : qemu-2.4.0-1.fc23 (2015-13358)NessusFedora Local Security Checks
medium
85480Fedora 22 : qemu-2.3.1-1.fc22 (2015-13402)NessusFedora Local Security Checks
medium