CVE-2015-8619MEDIUM
Description
The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash).
References
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2015/12/23/1
http://www.securityfocus.com/bid/79668
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html
Details
Source: MITRE
Published: 2017-04-13
Updated: 2020-12-14
Type: CWE-787
Risk Information
CVSS v2.0
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.0
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* versions up to 2.5.1.1 (inclusive)
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 93180 | SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1785-1) | Nessus | SuSE Local Security Checks | high |
| 93170 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1703-1) | Nessus | SuSE Local Security Checks | high |
| 93169 | SUSE SLES11 Security Update : kvm (SUSE-SU-2016:1698-1) | Nessus | SuSE Local Security Checks | high |
| 91980 | openSUSE Security Update : qemu (openSUSE-2016-839) | Nessus | SuSE Local Security Checks | high |
| 91660 | SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1560-1) | Nessus | SuSE Local Security Checks | high |
| 91249 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:1318-1) | Nessus | SuSE Local Security Checks | high |
| 90478 | openSUSE Security Update : xen (openSUSE-2016-439) | Nessus | SuSE Local Security Checks | critical |
| 90396 | SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2016:0955-1) | Nessus | SuSE Local Security Checks | high |
| 90339 | GLSA-201604-01 : QEMU: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 90260 | openSUSE Security Update : xen (openSUSE-2016-413) | Nessus | SuSE Local Security Checks | critical |
| 90186 | SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:0873-1) | Nessus | SuSE Local Security Checks | high |
| 89605 | Fedora 22 : qemu-2.3.1-12.fc22 (2016-be042f7e6f) | Nessus | Fedora Local Security Checks | medium |
| 89599 | Fedora 23 : qemu-2.4.1-7.fc23 (2016-b49aaf2c56) | Nessus | Fedora Local Security Checks | medium |
| 88630 | Debian DSA-3471-1 : qemu - security update | Nessus | Debian Local Security Checks | high |
| 88576 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : qemu, qemu-kvm vulnerabilities (USN-2891-1) | Nessus | Ubuntu Local Security Checks | high |
| 87695 | FreeBSD : qemu -- denial of service vulnerability in Human Monitor Interface support (62ab8707-b1bc-11e5-9728-002590263bf5) | Nessus | FreeBSD Local Security Checks | medium |