Showing 1 - 3 of 3

CVE-2015-2756

Status Candidate

Overview

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Related Files

Ubuntu Security Notice USN-2608-1: Posted May 13, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2608-1 - Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Daniel P. Berrange discovered that QEMU incorrectly handled VNC websockets. A remote attacker could use this issue to cause QEMU to consume memory, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2015-1779, CVE-2015-2756, CVE-2015-3456; SHA-256 | 8016922249d1200857b855be754556a4986b2239c15572207796d8c4f2e6d88f; Download | Favorite | View

Debian Security Advisory 3259-1: Posted May 13, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3259-1 - Several vulnerabilities were discovered in the qemu virtualisation solution.; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2014-9718, CVE-2015-1779, CVE-2015-2756, CVE-2015-3456; SHA-256 | 0023f319a16ece6a882500e80e69ae44288802e335ef47565d8d36f8fc537ea8; Download | Favorite | View

Gentoo Linux Security Advisory 201504-04: Posted Apr 13, 2015; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201504-4 - Multiple vulnerabilities have been found in Xen, the worst of which can allow remote attackers to cause a Denial of Service condition. Versions less than 4.4.2-r1 are affected.; tags | advisory, remote, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2013-2212, CVE-2013-3495, CVE-2014-3967, CVE-2014-3968, CVE-2014-5146, CVE-2014-5149, CVE-2014-8594, CVE-2014-8595, CVE-2014-8866, CVE-2014-8867, CVE-2014-9030, CVE-2014-9065, CVE-2014-9066, CVE-2015-0361, CVE-2015-2044, CVE-2015-2045, CVE-2015-2152, CVE-2015-2751, CVE-2015-2752, CVE-2015-2756; SHA-256 | 2502e45c47e6b01b6b3a981d284f6ec59e302110b8448a83b082f2cce67992e2; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 93 files
Gentoo 31 files
Debian 21 files
tmrswrr 9 files
Sina Kheirkhah 7 files
bRpsd 4 files
Amit Roy 4 files
Aslam Anwar Mahimkar 3 files
nu11secur1ty 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,075)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,322)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,252)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,647)
UNIX (9,424)
UnixWare (187)
Windows (6,665)
Other

CVE-2015-2756

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems