Main Vulnerability Database Vulnerabilities #VU39187

Resource management error in QEMU - CVE-2015-8345

Published: April 13, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39187

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-8345

CWE-ID: CWE-399

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: QEMU

Affected software:
QEMU

Detailed vulnerability description

The vulnerability allows a local authenticated user to a crash the entire system.

The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.

How to mitigate CVE-2015-8345

Install update from vendor's website.

Sources

http://www.debian.org/security/2016/dsa-3469
http://www.debian.org/security/2016/dsa-3470
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2015/11/25/11
http://www.securityfocus.com/bid/77985
https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
https://security.gentoo.org/glsa/201602-01

Resource management error in QEMU - CVE-2015-8345

Detailed vulnerability description

How to mitigate CVE-2015-8345

Sources

Please verify you're human