CVE-2015-8568

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DEBIAN-CVE-2015-8568 DSA-3471-1 MGASA-2016-0023 OPENSUSE-SU-2024:10196-1 SUSE-SU-2016:0873-1 SUSE-SU-2016:0955-1

Modified

Published: 11 Apr 2017, 19:00

Last modified:06 Aug 2024, 08:20

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.06% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 Apr 2017, 19:00

Published

Vulnerability first disclosed

06 Aug 2024, 08:20

Last Modified

Vulnerability information updated

Description

Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.

CVSS Metrics

v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
v2.0•MEDIUM•Score: 4.7AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.06%• Percentile: 19%

Techniques & Countermeasures

CWE-772•Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Affected Systems

debian•debian_linux
8.0
qemu•qemu
≤ 2.5.1