CVE-2015-7512

Published: Jan 8, 2016Modified: May 6, 2026

9.0

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 6.0

Source: NVD

Description

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

Affected (12)

Products: Qemu: Qemu · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Workstation, Openstack, Virtualization · Debian: Debian Linux · +1 more

Show all products

Qemu: Qemu · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Workstation, Openstack, Virtualization · Debian: Debian Linux · Oracle: Linux

Qemu

1 product

Qemu

Redhat

5 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Workstation

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 2.4.1
Qemu Qemu	Version 2.5.0 rc0
Qemu Qemu	Version 2.5.0 rc1
Qemu Qemu	Version 2.5.0 rc2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.7
Redhat Enterprise Linux Workstation	Version 6.0

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Openstack	Version 5.0
Redhat Virtualization	Version 3.0

Running on/with	Platform Versions
Redhat Enterprise Linux Server	Version 6.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 6

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (24)

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-2694.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-2695.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-2696.html

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2016/dsa-3469

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2016/dsa-3470

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2016/dsa-3471

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2015/11/30/3

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/78230

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034527

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://security.gentoo.org/glsa/201602-01

Source: secalert@redhat.com

Third Party Advisory

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=8b98a2f07175d46c3f7217639bd5e03f