CVE-2015-7512

CVSS V2 Medium 6.8 CVSS V3 Critical 9
Description
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
Overview
  • CVE ID
  • CVE-2015-7512
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2016-01-08T21:59:02
  • Last Modified Date
  • 2023-02-13T00:54:09
Weakness Enumerations
CWE URL
CWE-120 http://cwe.mitre.org/data/definitions/120.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* 1 OR 2.4.1
cpe:2.3:a:qemu:qemu:2.5.0:rc0:*:*:*:*:*:* 1 OR
cpe:2.3:a:qemu:qemu:2.5.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:qemu:qemu:2.5.0:rc2:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.8
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.4
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • CHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 2.2
  • Impact Score
  • 6
References
Reference URL Reference Tags
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f
http://rhn.redhat.com/errata/RHSA-2015-2694.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2695.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2696.html Third Party Advisory
http://www.debian.org/security/2016/dsa-3469 Third Party Advisory
http://www.debian.org/security/2016/dsa-3470 Third Party Advisory
http://www.debian.org/security/2016/dsa-3471 Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/11/30/3 Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory
http://www.securityfocus.com/bid/78230 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034527 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2015:2694
https://access.redhat.com/errata/RHSA-2015:2695
https://access.redhat.com/errata/RHSA-2015:2696
https://access.redhat.com/security/cve/CVE-2015-7512
https://bugzilla.redhat.com/show_bug.cgi?id=1285061
https://security.gentoo.org/glsa/201602-01 Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2015-7512
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512
History
Created Old Value New Value Data Type Notes
2022-05-10 16:24:55 Added to TrackCVE
2022-12-02 07:50:57 2016-01-08T21:59Z 2016-01-08T21:59:02 CVE Published Date updated
2022-12-02 07:50:57 2020-09-09T15:14:13 CVE Modified Date updated
2022-12-02 07:50:57 Analyzed Vulnerability Status updated
2023-02-02 16:05:28 2023-02-02T15:17:07 CVE Modified Date updated
2023-02-02 16:05:28 Analyzed Modified Vulnerability Status updated
2023-02-02 16:05:28 Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Note that to exploit this flaw, the guest network interface must have a large MTU limit. Description updated
2023-02-02 16:05:29 References updated
2023-02-13 01:06:26 2023-02-13T00:54:09 CVE Modified Date updated
2023-02-13 01:06:27 A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Note that to exploit this flaw, the guest network interface must have a large MTU limit. Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. Description updated