PublicDateAtUSN: 2015-08-06
Candidate: CVE-2015-5745
PublicDate: 2020-01-23 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5745
 http://www.openwall.com/lists/oss-security/2015/08/06/3
 https://ubuntu.com/security/notices/USN-2724-1
Description:
 Buffer overflow in the send_control_msg function in
 hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to
 cause a denial of service (QEMU process crash) via a crafted virtio control
 message.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise_qemu-kvm: not-affected (code not present)
trusty_qemu-kvm: DNE
trusty/esm_qemu-kvm: DNE
utopic_qemu-kvm: DNE
vivid_qemu-kvm: DNE
devel_qemu-kvm: DNE

Patches_qemu:
 upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=7882080388be5088e72c425b02223c02e6cb4295
upstream_qemu: needs-triage
precise_qemu: DNE
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.17)
trusty/esm_qemu: released (2.0.0+dfsg-2ubuntu1.17)
utopic_qemu: ignored (reached end-of-life)
vivid_qemu: released (1:2.2+dfsg-5expubuntu9.4)
devel_qemu: released (1:2.3+dfsg-5ubuntu4)