[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2015-0310":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":32,"duplicates":33,"related":34,"reserved_at":9,"published_at":44,"modified_at":45,"state":9,"summary":46,"references_raw":48,"kevs":73,"epss":9,"epss_history":74,"metrics":75,"affected":76},"MGASA-2015-0310","Updated qemu package fixes security vulnerability\n\nMatt Tait discovered that QEMU incorrectly handled the virtual PCNET\ndriver. A malicious guest could use this issue to cause a denial of\nservice, or possibly execute arbitrary code on the host as the user\nrunning the QEMU process (CVE-2015-3209).\n\nKurt Seifried discovered that QEMU incorrectly handled certain temporary\nfiles. A local attacker could use this issue to cause a denial of service\n(CVE-2015-4037).\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write\naccess to the host MSI message data field. A malicious guest could use\nthis issue to cause a denial of service (CVE-2015-4103).\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted\naccess to the PCI MSI mask bits. A malicious guest could use this issue to\ncause a denial of service (CVE-2015-4104).\n\nJan Beulich discovered that the QEMU Xen code incorrectly handled MSI-X\nerror messages. A malicious guest could use this issue to cause a denial\nof service (CVE-2015-4105).\n\nJan Beulich discovered that the QEMU Xen code incorrectly restricted write\naccess to the PCI config space. A malicious guest could use this issue to\ncause a denial of service, obtain sensitive information, or possibly\nexecute arbitrary code (CVE-2015-4106).\n\nA heap buffer overflow flaw was found in the way QEMU's IDE subsystem\nhandled I/O buffer access while processing certain ATAPI commands.\nA privileged guest user in a guest with the CDROM drive enabled could\npotentially use this flaw to execute arbitrary code on the host with the\nprivileges of the host's QEMU process corresponding to the guest\n(CVE-2015-5154).\n\nAn out-of-bounds memory access flaw, leading to memory corruption or\npossibly an information leak, was found in QEMU's pit_ioport_read()\nfunction. A privileged guest user in a QEMU guest, which had QEMU PIT\nemulation enabled, could potentially, in rare cases, use this flaw to\nexecute arbitrary code on the host with the privileges of the hosting QEMU\nprocess (CVE-2015-3214).\n\nQemu emulator built with the virtio-serial vmchannel support is vulnerable\nto a buffer overflow issue. It could occur while exchanging virtio control\nmessages between guest & the host. A malicious guest could use this flaw\nto corrupt few bytes of Qemu memory area, potentially crashing the Qemu\nprocess (CVE-2015-5745).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30],{"_key":15},"CVE-2015-3209",{"_key":17},"CVE-2015-3214",{"_key":19},"CVE-2015-4037",{"_key":21},"CVE-2015-4103",{"_key":23},"CVE-2015-4104",{"_key":25},"CVE-2015-4105",{"_key":27},"CVE-2015-4106",{"_key":29},"CVE-2015-5154",{"_key":31},"CVE-2015-5745",[],[],[35,36,37,38,39,40,41,42,43],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},"2015-08-11T20:22:53Z","2026-04-16T06:23:35.491063273Z",{"cisa_kev":47,"cisa_ransomware":47,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[49,55,60,65,69],{"url":50,"sources":51,"tags":53},"https://advisories.mageia.org/MGASA-2015-0310.html",[52],"osv_mageia",[54],"Advisory",{"url":56,"sources":57,"tags":58},"https://bugs.mageia.org/show_bug.cgi?id=16105",[52],[59],"REPORT",{"url":61,"sources":62,"tags":63},"http://www.ubuntu.com/usn/usn-2630-1/",[52],[59,64],"WEB",{"url":66,"sources":67,"tags":68},"https://rhn.redhat.com/errata/RHSA-2015-1507.html",[52],[59,64],{"url":70,"sources":71,"tags":72},"http://openwall.com/lists/oss-security/2015/08/06/5",[52],[59,64],[],[],[],[77,89],{"ecosystem":78,"name":79,"vendor":80,"product":79,"cpe_part":9,"purl_type":81,"purl_namespace":80,"purl_name":79,"source":9,"versions":82},"Mageia","qemu","mageia","rpm",[83],{"version":84,"is_range":85,"range_type":86,"version_start":9,"version_start_type":9,"version_end":87,"version_end_type":88,"fixed_in":9},"lt1_6_2_1_12_mga4",true,"ecosystem","1.6.2-1.12.mga4","excluding",{"ecosystem":78,"name":79,"vendor":80,"product":79,"cpe_part":9,"purl_type":81,"purl_namespace":80,"purl_name":79,"source":9,"versions":90},[91],{"version":92,"is_range":85,"range_type":86,"version_start":9,"version_start_type":9,"version_end":93,"version_end_type":88,"fixed_in":9},"lt2_1_3_2_3_mga5","2.1.3-2.3.mga5"]