CVE-2015-7549

Loading...

General

Score:2.1/10.0
Severity:Low
Category:Implementation Error
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Local
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4533, CVE-2013-4534, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2014-0222, CVE-2014-3615, CVE-2014-3640, CVE-2014-3689, CVE-2014-7815, CVE-2014-9718, CVE-2015-1779, CVE-2015-3214, CVE-2015-5239, CVE-2015-5278, CVE-2015-5279, CVE-2015-5745, CVE-2015-6855, CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-8345, CVE-2015-8504, CVE-2015-8550, CVE-2015-8554, CVE-2015-8555, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8666, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2015-8817, CVE-2015-8818, CVE-2016-1568, CVE-2016-1570, CVE-2016-1571, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2197, CVE-2016-2198, CVE-2016-2270, CVE-2016-2271, CVE-2016-2391, CVE-2016-2392, CVE-2016-2538, CVE-2016-2841, CVE-2016-2857, CVE-2016-2858, CVE-2016-3710, CVE-2016-3712, CVE-2016-4001, CVE-2016-4002, CVE-2016-4020, CVE-2016-4037, CVE-2016-4439, CVE-2016-4441, CVE-2016-4952

Published on 30/10/17 - Updated on 21/11/17

Description

The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.

Category: Implementation Error

CWE-476 (NULL Pointer Dereference)
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Security Notices

US National Vulnerability DatabaseCVE-2015-7549
Debian DSA-3471-1
SUSE SUSE-SU-2016:0873, SUSE-SU-2016:0955, SUSE-SU-2016:1318, SUSE-SU-2016:1560, SUSE-SU-2016:1698, SUSE-SU-2016:1703, SUSE-SU-2016:1785
Ubuntu USN-2891-1

Exploits

SecurityFocusBID-80761

Relative technologies

No affected technologies published yet by authorities.

Share this vulnerability with:

Twitter Facebook LinkedIn Mail