CVE-2015-7512

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-7512
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

9.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f
http://rhn.redhat.com/errata/RHSA-2015-2694.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2695.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2696.html Third Party Advisory
http://www.debian.org/security/2016/dsa-3469 Third Party Advisory
http://www.debian.org/security/2016/dsa-3470 Third Party Advisory
http://www.debian.org/security/2016/dsa-3471 Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/11/30/3 Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory
http://www.securityfocus.com/bid/78230 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034527 Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201602-01 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:2.5.0:rc0:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:2.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:2.5.0:rc2:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
History

13 Feb 2023, 00:54

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:2696', 'name': 'https://access.redhat.com/errata/RHSA-2015:2696', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:2695', 'name': 'https://access.redhat.com/errata/RHSA-2015:2695', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:2694', 'name': 'https://access.redhat.com/errata/RHSA-2015:2694', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1285061', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1285061', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2015-7512', 'name': 'https://access.redhat.com/security/cve/CVE-2015-7512', 'tags': [], 'refsource': 'MISC'}
Summary A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Note that to exploit this flaw, the guest network interface must have a large MTU limit. Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

02 Feb 2023, 15:17

Type Values Removed Values Added
References
  • {'url': 'http://git.qemu.org/?p=qemu.git;a=commit;h=8b98a2f07175d46c3f7217639bd5e03f', 'name': 'http://git.qemu.org/?p=qemu.git;a=commit;h=8b98a2f07175d46c3f7217639bd5e03f', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • (MISC) https://access.redhat.com/errata/RHSA-2015:2696 -
  • (MISC) http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:2695 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:2694 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1285061 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-7512 -
Summary Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation validated certain received packets from a remote host in non-loopback mode. A remote, unprivileged attacker could potentially use this flaw to execute arbitrary code on the host with the privileges of the QEMU process. Note that to exploit this flaw, the guest network interface must have a large MTU limit.
Information

Published : 2016-01-08 21:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-7512

Mitre link : CVE-2015-7512

CVE.ORG link : CVE-2015-7512

JSON object : View

Products Affected

redhat

  • enterprise_linux_server
  • enterprise_linux_eus
  • enterprise_linux_desktop
  • enterprise_linux_workstation
  • openstack
  • virtualization

debian

  • debian_linux

qemu

  • qemu

oracle

  • linux
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')