FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- denial of service vulnerability in virtio-net support

Affected packages
qemu < 2.4.1
qemu-devel < 2.4.1
qemu-sbruno < 2.5.50.g20151224
qemu-user-static < 2.5.50.g20151224


VuXML ID 42cbd1e8-b152-11e5-9728-002590263bf5
Discovery 2015-09-18
Entry 2016-01-02

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the Virtual Network Device(virtio-net) support is vulnerable to a DoS issue. It could occur while receiving large packets over the tuntap/macvtap interfaces and when guest's virtio-net driver did not support big/mergeable receive buffers.

An attacker on the local network could use this flaw to disable guest's networking by sending a large number of jumbo frames to the guest, exhausting all receive buffers and thus leading to a DoS situation.


CVE Name CVE-2015-7295