PT-2015-1368 · Qemu+3 · Qemu+3

Jan Beulich

Published

2015-06-03

Updated

2024-06-15

CVE-2015-4106

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description The issue is related to insufficient access control in QEMU, which might allow a local attacker, using an x86 HVM guest, to gain privileges, cause a denial of service (host crash), obtain sensitive information, or have other unspecified impacts. The vulnerability is associated with the emulator's handling of PCI pass-through devices and their PCI config space.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Access Control

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-863

Related Identifiers

ALT-PU-2015-1865

BDU:2015-10460

CVE-2015-4106

DSA-3284-1

DSA-3286-1

MGASA-2015-0310

MGASA-2016-0098

OPENSUSE-SU-2015_1092-1

OPENSUSE-SU-2015_1094-1

OPENSUSE-SU-2024:10196-1

SUSE-SU-2015:1042-1

SUSE-SU-2015:1045-1

SUSE-SU-2015:1156-1

SUSE-SU-2015:1157-1

SUSE-SU-2015:2324-1

USN-2630-1

Affected Products

Alt Linux

Qemu

Suse

Ubuntu

PT-2015-1368 · Qemu+3 · Qemu+3

CVE-2015-4106

Weakness Enumeration

Related Identifiers

Affected Products

References · 321