VDB

GCVE-110-MAGEIA-2015-149

GCVE-110-MAGEIA-2015-149
Advisory Published
Vulnetix · Advisory published April 15, 2015
Updated qemu packages fix security vulnerabilities: A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system (rhbz#1204919). It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU (CVE-2015-1779).

Affected Products

VendorProductVersionsPlatforms
Mageiaqemu0 (affected), 1.6.2-1.9.mga4 (unaffected), 1.6.2-1.9.mga4 (unaffected), 0 (affected)
Mageiakmod-virtualbox0 (affected), 5.0.6-1.mga5 (unaffected)
Mageiakmod-vboxadditions0 (affected), 5.0.6-1.mga5 (unaffected)
Mageiavirtualbox0 (affected), 5.0.6-1.mga5 (unaffected)

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›