CVE-2015-6855

Severity

99%

Complexity

99%

Confidentiality

165%

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

First reported 9 years ago

2015-11-06 21:59:00

Last updated 7 years ago

2017-07-01 01:29:00

Affected Software

QEMU

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

Fedora 21

21

Fedora 22

22

Fedora Project Fedora 23

23

Novell SUSE Linux Enterprise Desktop 12.0

12.0

Novell SUSE Linux Enterprise Server 12.0

12.0

References

FEDORA-2015-8dc71ade88

FEDORA-2015-16369

FEDORA-2015-16368

FEDORA-2015-4896530727

FEDORA-2015-d6ea74993a

FEDORA-2015-16370

SUSE-SU-2015:1782

DSA-3361

DSA-3362

[oss-security] 20150910 CVE request Qemu: ide: divide by zero issue

[oss-security] 20150910 Re: CVE request Qemu: ide: divide by zero issue

76691

USN-2745-1

[Qemu-devel] 20150907 [PATCH] ide: fix ATAPI command permissions

Vendor Advisory

GLSA-201602-01

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.