Wind River Support Network

HomeDefectsLIN6-10538
Fixed

LIN6-10538 : Security Advisory - qemu - CVE-2015-6855

Created: Nov 13, 2015    Updated: Dec 3, 2018
Resolved Date: Nov 19, 2015
Found In Version: 6.0.0.26
Fix Version: 6.0.0.27
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6855

Other Downloads


Live chat
Online