Denial Of Service (DoS)

2019-01-1509:09:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

33.1%

JSON

QEMU is vulnerable to denial of service. A heap-based buffer overflow flaw was discovered in the way QEMU’s AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user (with the CAP_SYS_RAWIO capability) inside a guest could use this flaw to crash the host QEMU process (resulting in denial of service) or, potentially, execute arbitrary code with privileges of the host QEMU process.

CPENameOperatorVersion
qemu-kvm-rheveq0.12.1.2__2.351.el6
qemu-kvm-rheveq0.12.1.2__2.415.el6_5.8
qemu-kvm-rheveq0.12.1.2__2.415.el6_5.3
qemu-kvm-rheveq0.12.1.2__2.355.el6_4.1
qemu-kvm-rheveq0.12.1.2__2.355.el6_4.5
qemu-kvm-rheveq0.12.1.2__2.448.el6_6.2
qemu-kvm-rheveq0.12.1.2__2.415.el6_5.6
qemu-kvm-rheveq0.12.1.2__2.295.el6_3.8
qemu-kvm-rheveq0.12.1.2__2.355.el6_4.3
qemu-kvm-rheveq0.12.1.2__2.355.el6_4.9

Name	Operator	Version
qemu-kvm-rhev	eq	0.12.1.2__2.351.el6
qemu-kvm-rhev	eq	0.12.1.2__2.415.el6_5.8
qemu-kvm-rhev	eq	0.12.1.2__2.415.el6_5.3
qemu-kvm-rhev	eq	0.12.1.2__2.355.el6_4.1
qemu-kvm-rhev	eq	0.12.1.2__2.355.el6_4.5
qemu-kvm-rhev	eq	0.12.1.2__2.448.el6_6.2
qemu-kvm-rhev	eq	0.12.1.2__2.415.el6_5.6
qemu-kvm-rhev	eq	0.12.1.2__2.295.el6_3.8
qemu-kvm-rhev	eq	0.12.1.2__2.355.el6_4.3
qemu-kvm-rhev	eq	0.12.1.2__2.355.el6_4.9