High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2015-8567
Severity: High
CVSS Score: 7.7
Vulnerability Description
Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption).
CVSS Metrics
Common Vulnerability Scoring System
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
- Attack Vector: N
- Attack Complexity: L
- Privileges Required: L
- User Interaction: N
- Scope: C
- Confidentiality: N
- Integrity: N
- Availability: H
Known Affected Software
15 configuration(s) from 5 vendor(s)
- ubuntu_linux, Version: 14.04, CPE: cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- ubuntu_linux, Version: 15.10, CPE: cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- ubuntu_linux, Version: 12.04, CPE: cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- debian_linux, Version: 8.0, CPE: cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- fedora, Version: 22, CPE: cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- fedora, Version: 23, CPE: cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- opensuse, Version: 13.2, CPE: cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- leap, Version: 42.1, CPE: cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- linux_enterprise_debuginfo, Version: 11, CPE: cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1:*:*:*:*:*:*
- linux_enterprise_server, Version: 12, CPE: cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:*:*:*
- linux_enterprise_server, Version: 11, CPE: cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:*:*:*
- linux_enterprise_desktop, Version: 12, CPE: cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
- linux_enterprise_desktop, Version: 11, CPE: cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
- linux_enterprise_software_development_kit, Version: 11, CPE: cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:-:*:*:*:*:*:*
- linux_enterprise_software_development_kit, Version: 12, CPE: cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
This vulnerability affects 15 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176503.html (secalert@redhat.com; Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176558.html (secalert@redhat.com; Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175967.html (secalert@redhat.com; Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176300.html (secalert@redhat.com; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00010.html (secalert@redhat.com; Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html (secalert@redhat.com; Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00087.html (secalert@redhat.com; Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00002.html (secalert@redhat.com; Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00049.html (secalert@redhat.com; Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00017.html (secalert@redhat.com; Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00058.html (secalert@redhat.com; Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00003.html (secalert@redhat.com; Mailing List, Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3471 (secalert@redhat.com; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2015/12/15/10 (secalert@redhat.com; Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/79721 (secalert@redhat.com; Mailing List, Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/USN-2891-1 (secalert@redhat.com; Third Party Advisory)
- https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html (secalert@redhat.com; Mailing List, Patch, Third Party Advisory)
- https://security.gentoo.org/glsa/201602-01 (secalert@redhat.com; Third Party Advisory)
Severity Details
7.7 out of 10.0 (High)
Weakness Type (CWE)
CWE-401: Missing Release of Memory after Effective Lifetime
- Description: The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
- Exploit Likelihood: Medium
- Typical Severity: High
- Abstraction Level: Variant
Key Information
- Published Date: April 13, 2017
