CVE-2015-3209

EPSS 18.0%

xen - security update

發布日:2015/6/15修改日:2026/4/28

描述

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

受影響套件(5)

Debian/qemufrom 0, < 1:2.3+dfsg-6
Debian/qemufrom 0, < 1:2.1+dfsg-12+deb8u1
Debian/qemu-kvmfrom 0, < 1.1.2+dfsg-6+deb7u8
Debian/xenfrom 0, < 4.4.0-1
Debian/xenfrom 0, < 4.1.4-3+deb7u8

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3209