CVE-2015-6815
Advisory lineage Upstream: 0 Downstream: 15
Modified
Published: 31 Jan 2020, 21:38
Last modified:06 Aug 2024, 07:29
Vulnerability Summary
Overall Risk (default)
low
14/100 CVSS Score
3.5 LOW
v3.1 (nvd)
EPSS Score
1.57% LOW
2% probability -0.67%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
31 Jan 2020, 21:38
Published
Vulnerability first disclosed
06 Aug 2024, 07:29
Last Modified
Vulnerability information updated
Description
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
CVSS Metrics
- v3.1•LOW•Score: 3.5CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
- v2.0•LOW•Score: 2.7AV:A/AC:L/Au:S/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 1.57%• Percentile: 82%
Techniques & Countermeasures
- CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Systems
- arista•eos
4.12 | 4.13 | 4.14 | 4.15
- canonical•ubuntu_linux
12.04 | 14.04 | 15.04
- fedoraproject•fedora
21 | 22 | 23
- novell•suse_linux_enterprise_debuginfo
11.0:sp3 | 11.0:sp4
- novell•suse_linux_enterprise_desktop
11.0:sp3 | 11.0:sp4 | 12.0
- novell•suse_linux_enterprise_server
11.0:sp3 | 11.0:sp4 | 12.0
- novell•suse_linux_enterprise_software_development_kit
11.0:sp3 | 11.0:sp4 | 12.0
- qemu•qemu
< 2.4.0.1
- redhat•enterprise_linux
5.0 | 6.0 | 7.0
- redhat•openstack
5.0 | 6.0 | 7.0
- xen•xen
4.4.3 | 4.5.1
References (13)
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html
- http://www.ubuntu.com/usn/USN-2745-1
- http://www.openwall.com/lists/oss-security/2015/09/04/4
- http://www.openwall.com/lists/oss-security/2015/09/05/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1260076
- https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
- https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14