CVE-2015-3209

EPSS 18.0%

xen - security update

Published: 6/15/2015Modified: 4/28/2026

Description

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Affected packages (5)

Debian/qemufrom 0, < 1:2.3+dfsg-6
Debian/qemufrom 0, < 1:2.1+dfsg-12+deb8u1
Debian/qemu-kvmfrom 0, < 1.1.2+dfsg-6+deb7u8
Debian/xenfrom 0, < 4.4.0-1
Debian/xenfrom 0, < 4.1.4-3+deb7u8

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3209