Base Score

MEDIUM6

CVE-2015-7549

The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method.

VectorLOCAL

Published Bysecalert@redhat.com

Published DateOct 30, 2017, 14:29

Weakness Type (CWE):CWE-476

CVSS Metrics

Base Score

Vector String

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=43b11a91dd861a946b231b89b754285
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175380.html
http://www.debian.org/security/2016/dsa-3471
http://www.openwall.com/lists/oss-security/2015/12/14/2
http://www.securityfocus.com/bid/80761
https://bugzilla.redhat.com/show_bug.cgi?id=1291137
https://security.gentoo.org/glsa/201602-01

Base Score

MEDIUM6

Weakness Type (CWE):CWE-476

CVSS Metrics

Base Score

Vector String

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH