CVE-2015-6815
First published: Fri Sep 04 2015(Updated: )
Qemu emulator built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing transmit descriptor data when sending a network packet. A privileged user inside guest could use this flaw to crash the Qemu instance resulting in DoS. Upstream fix: ------------- -> <a href="https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html">https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU | <2.4.0.1 | |
| Red Hat Fedora | =21 | |
| Red Hat Fedora | =22 | |
| Red Hat Fedora | =23 | |
| SUSE Linux Enterprise Software Development Kit | =11.0-sp3 | |
| SUSE Linux Enterprise Software Development Kit | =11.0-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =12.0 | |
| SUSE Linux Enterprise Debuginfo | =11.0-sp3 | |
| SUSE Linux Enterprise Debuginfo | =11.0-sp4 | |
| SUSE Linux Enterprise Desktop | =11.0-sp3 | |
| SUSE Linux Enterprise Desktop | =11.0-sp4 | |
| SUSE Linux Enterprise Desktop | =12.0 | |
| SUSE Linux Enterprise Server | =11.0-sp3 | |
| SUSE Linux Enterprise Server | =11.0-sp4 | |
| SUSE Linux Enterprise Server | =12.0 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.04 | |
| Red Hat OpenStack for IBM Power | =5.0 | |
| Red Hat OpenStack for IBM Power | =6.0 | |
| Red Hat OpenStack for IBM Power | =7.0 | |
| Red Hat Enterprise Linux | =5.0 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Xen XAPI | =4.4.3 | |
| Xen XAPI | =4.5.1 | |
| Arista EOS | =4.12 | |
| Arista EOS | =4.13 | |
| Arista EOS | =4.14 | |
| Arista EOS | =4.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
- https://access.redhat.com/support/policy/updates/errata/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1260224
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1260225
- https://access.redhat.com/security/cve/CVE-2015-6815
- http://openwall.com/lists/oss-security/2015/09/05/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1260076
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html
- http://www.openwall.com/lists/oss-security/2015/09/04/4
- http://www.openwall.com/lists/oss-security/2015/09/05/5
- http://www.ubuntu.com/usn/USN-2745-1
- https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14
Frequently Asked Questions
What is the severity of CVE-2015-6815?
CVE-2015-6815 is classified as a moderate severity vulnerability due to its potential to cause denial of service.
How do I fix CVE-2015-6815?
To fix CVE-2015-6815, upgrade to a patched version of QEMU that addresses the infinite loop issue.
Who is affected by CVE-2015-6815?
CVE-2015-6815 affects QEMU users running versions prior to 2.4.0.1 across several operating systems like Fedora, Ubuntu, and SUSE.
How does CVE-2015-6815 impact system security?
CVE-2015-6815 allows a privileged user inside a guest to crash the QEMU instance, leading to potential service disruptions.
What specific versions are vulnerable to CVE-2015-6815?
Vulnerable versions of QEMU to CVE-2015-6815 include all versions prior to 2.4.0.1.
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-6815
- agent/trending
- agent/source
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/qemu
- canonical/qemu
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/21
- version/red hat fedora/22
- version/red hat fedora/23
- vendor/novell
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11.0-sp3
- version/suse linux enterprise software development kit/11.0-sp4
- version/suse linux enterprise software development kit/12.0
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/11.0-sp3
- version/suse linux enterprise debuginfo/11.0-sp4
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11.0-sp3
- version/suse linux enterprise desktop/11.0-sp4
- version/suse linux enterprise desktop/12.0
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11.0-sp3
- version/suse linux enterprise server/11.0-sp4
- version/suse linux enterprise server/12.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.04
- vendor/redhat
- canonical/red hat openstack for ibm power
- version/red hat openstack for ibm power/5.0
- version/red hat openstack for ibm power/6.0
- version/red hat openstack for ibm power/7.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5.0
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- vendor/xen
- canonical/xen xapi
- version/xen xapi/4.4.3
- version/xen xapi/4.5.1
- vendor/arista
- canonical/arista eos
- version/arista eos/4.12
- version/arista eos/4.13
- version/arista eos/4.14
- version/arista eos/4.15