CVE-2015-7504

HIGH

QEMU - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.

Exploits (1)

github WORKING POC 8 stars

by codecat007 · cpoc

https://github.com/codecat007/cvehub/tree/main/android/kernel/vm-escape-qemu-case-study/vm_escape/cve-2015-7504.c

View Code ZIP pw:eip

References (13)

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2015-2694.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2015-2695.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2015-2696.html

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3469

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3470

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3471

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2015/11/30/2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/78227

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034268

[Mitigation, Patch, Vendor Advisory] http://xenbits.xen.org/xsa/advisory-162.html

[Mailing List, Patch, Third Party Advisory] https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html

[Patch, Third Party Advisory, VDB Entry] https://security.gentoo.org/glsa/201602-01

[Patch, Third Party Advisory, VDB Entry] https://security.gentoo.org/glsa/201604-03

Scores

CVSS v3 8.8

EPSS 0.0078

EPSS Percentile 73.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (5)

debian/debian_linux 7.0

debian/debian_linux 8.0

qemu/qemu 2.5.0 rc0 (3 CPE variants)

qemu/qemu < 2.4.1

xen/xen

Published Oct 16, 2017

Tracked Since Feb 18, 2026