FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

qemu -- denial of service vulnerability in MSI-X support

Affected packages
qemu < 2.5.0
qemu-devel < 2.5.0
qemu-sbruno < 2.5.50.g20151224
qemu-user-static < 2.5.50.g20151224


VuXML ID 3fb06284-b1b7-11e5-9728-002590263bf5
Discovery 2015-06-26
Entry 2016-01-03

Prasad J Pandit, Red Hat Product Security Team, reports:

Qemu emulator built with the PCI MSI-X support is vulnerable to null pointer dereference issue. It occurs when the controller attempts to write to the pending bit array(PBA) memory region. Because the MSI-X MMIO support did not define the .write method.

A privileges used inside guest could use this flaw to crash the Qemu process resulting in DoS issue.


CVE Name CVE-2015-7549