vulnerability
FreeBSD: VID-152acff3-b1bd-11e5-9728-002590263bf5 (CVE-2015-8666): qemu -- denial of service vulnerability in Q35 chipset emulation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:L/AC:M/Au:N/C:N/I:P/A:P) | Jan 3, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
3
CVSS
(AV:L/AC:M/Au:N/C:N/I:P/A:P)
Published
Jan 3, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the Q35 chipset based pc system emulator is vulnerable to a heap based buffer overflow. It occurs during VM guest migration, as more(16 bytes) data is moved into allocated (8 bytes) memory area. A privileged guest user could use this issue to corrupt the VM guest image, potentially leading to a DoS. This issue affects q35 machine types.
Solutions
freebsd-upgrade-package-qemufreebsd-upgrade-package-qemu-develfreebsd-upgrade-package-qemu-sbrunofreebsd-upgrade-package-qemu-user-static
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.