The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. CREATE(Triage):(User=admin) CVE-2015-6815 (https://nvd.nist.gov/vuln/detail/CVE-2015-6815)
