Wind River Support Network

HomeDefectsLIN6-10908
Fixed

LIN6-10908 : Security Advisory - qemu - CVE-2015-7504

Created: Feb 18, 2016    Updated: Dec 3, 2018
Resolved Date: Mar 4, 2016
Found In Version: 6.0
Fix Version: 6.0.0.29
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user (with the CAP_SYS_RAWIO capability) inside a guest could use this flaw to crash the host QEMU process (resulting in denial of service) or, potentially, execute arbitrary code with privileges of the host QEMU process.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504

Other Downloads


Live chat
Online