Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
2015-08-12T14:59:23.183
2025-04-12T10:46:40.837
Deferred
CVSSv2: 7.2 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | xen | xen | ≤ 4.5.0 | Yes |
| Operating System | xen | xen | 4.5.1 | Yes |
| Application | suse | linux_enterprise_debuginfo | 11 | Yes |
| Operating System | suse | linux_enterprise_desktop | 11 | Yes |
| Operating System | suse | linux_enterprise_desktop | 12 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 11 | Yes |
| Operating System | suse | linux_enterprise_software_development_kit | 12 | Yes |
| Operating System | suse | suse_linux_enterprise_server | 12 | Yes |
| Operating System | fedoraproject | fedora | 21 | Yes |
| Operating System | fedoraproject | fedora | 22 | Yes |
| Operating System | fedoraproject | fedora | 23 | Yes |
| Application | qemu | qemu | ≤ 2.3.0 | Yes |