VDB
GCVE-110-MAGEIA-2015-149
GCVE-110-MAGEIA-2015-149
Advisory Published
Updated qemu packages fix security vulnerabilities:
A denial of service flaw was found in the way QEMU handled malformed Physical
Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI
controller emulation. A privileged guest user could use this flaw to crash the
system (rhbz#1204919).
It was found that the QEMU's websocket frame decoder processed incoming frames
without limiting resources used to process the header and the payload. An
attacker able to access a guest's VNC console could use this flaw to trigger a
denial of service on the host by exhausting all available memory and CPU
(CVE-2015-1779).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | qemu | 0 (affected), 1.6.2-1.9.mga4 (unaffected), 1.6.2-1.9.mga4 (unaffected), 0 (affected) | — |
| Mageia | kmod-virtualbox | 0 (affected), 5.0.6-1.mga5 (unaffected) | — |
| Mageia | kmod-vboxadditions | 0 (affected), 5.0.6-1.mga5 (unaffected) | — |
| Mageia | virtualbox | 0 (affected), 5.0.6-1.mga5 (unaffected) | — |
Aliases
References
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.