CVE-2015-6855

high-risk
Published 2015-11-06

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

Do I need to act?

~
5.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (13)

Eos

Affected Vendors

Debian Arista Canonical Fedoraproject Suse Qemu

References (32)

Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.ht...
Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.ht...
Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.ht...
Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.ht...
Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.ht...
Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167369....
Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
Third Party Advisory http://www.debian.org/security/2015/dsa-3361
Third Party Advisory http://www.debian.org/security/2015/dsa-3362
Mailing List http://www.openwall.com/lists/oss-security/2015/09/10/1
Mailing List http://www.openwall.com/lists/oss-security/2015/09/10/2
Third Party Advisory http://www.securityfocus.com/bid/76691
Third Party Advisory http://www.ubuntu.com/usn/USN-2745-1
Mailing List https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.html
Third Party Advisory https://security.gentoo.org/glsa/201602-01
Third Party Advisory https://www.arista.com/en/support/advisories-notices/security-advisories/1188-se...
Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.ht...
Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.ht...
Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.ht...
Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.ht...
and 12 more references
52
/ 100
high-risk
Severity 26/34 · High
Exploitability 9/34 · Low
Exposure 17/34 · Moderate