MGASA-2015-0149

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2015-1779

Published: 15 Apr 2015, 09:01

Last modified:16 Apr 2026, 06:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

15 Apr 2015, 09:01

Published

Vulnerability first disclosed

16 Apr 2026, 06:25

Last Modified

Vulnerability information updated

Description

Updated qemu packages fix security vulnerabilities Updated qemu packages fix security vulnerabilities: A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system (rhbz#1204919). It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU (CVE-2015-1779).

Affected Systems

mageia•qemu
< 1.6.2-1.9.mga4

MGASA-2015-0149

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)