CVE-2015-3209
xen - security update
EPSS 14.9%
Description
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
How to fix CVE-2015-3209
To remediate CVE-2015-3209, upgrade the affected package to a fixed version below.
- Debian/qemu—upgrade to 1:2.3+dfsg-6 or later
- Debian/qemu—upgrade to 1:2.1+dfsg-12+deb8u1 or later
- Debian/qemu-kvm—upgrade to 1.1.2+dfsg-6+deb7u8 or later
- —upgrade to 4.4.0-1 or later
- —upgrade to 4.1.4-3+deb7u8 or later
Is CVE-2015-3209 being exploited?
Moderate — EPSS is 14.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (5)
- from 0, < 1:2.3+dfsg-6
- from 0, < 1:2.1+dfsg-12+deb8u1
- from 0, < 1.1.2+dfsg-6+deb7u8
- from 0, < 4.4.0-1
- from 0, < 4.1.4-3+deb7u8