Vulnerability-Lookup

CVE-2015-3215 (GCVE-0-2015-3215)

Vulnerability from cvelistv5 – Published: 2017-06-26 15:00 – Updated: 2024-08-06 05:39

Summary

The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

RHSA-2015:1043

Vulnerability from csaf_redhat - Published: 2015-06-03 09:50 - Updated: 2025-11-21 17:52

Summary

Red Hat Security Advisory: virtio-win security and bug fix update

Notes

Topic

An updated virtio-win package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. Fully virtualized guests using the paravirtualized drivers gain significantly better I/O performance than fully virtualized guests running without the drivers. It was found that the Windows Virtio NIC driver did not sufficiently sanitize the length of the incoming IP packets, as demonstrated by a packet with IP options present but the overall packet length not being adjusted to reflect the length of those options. A remote attacker able to send a specially crafted IP packet to the guest could use this flaw to crash that guest. (CVE-2015-3215) Red Hat would like to thank Google Project Zero for reporting this issue. This update also fixes the following bugs: * When creating a Windows guest using virtio drivers and direct Logical Unit Number (LUN) access with more than 4 SCSI disks under one virtio-scsi-pci controller, the guest terminated unexpectedly with a stop error, also known as the blue screen of death. This update increases the maximum amount of LUNs per a single virtio-scsi-pci controller has been increased to 254, which prevents the described crash from occurring. (BZ#1210196) * The license.txt file in the virtio-win build has been updated to include the correct year number in the copyright information section. (BZ#1210195) All virtio-win users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated virtio-win package that fixes one security issue and two bugs is\nnow available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The virtio-win package provides paravirtualized network drivers for most\nMicrosoft Windows operating systems. Paravirtualized drivers are\nvirtualization-aware drivers used by fully virtualized guests running on\nRed Hat Enterprise Linux. Fully virtualized guests using the\nparavirtualized drivers gain significantly better I/O performance than\nfully virtualized guests running without the drivers.\n\nIt was found that the Windows Virtio NIC driver did not sufficiently\nsanitize the length of the incoming IP packets, as demonstrated by a packet\nwith IP options present but the overall packet length not being adjusted to\nreflect the length of those options. A remote attacker able to send a\nspecially crafted IP packet to the guest could use this flaw to crash that\nguest. (CVE-2015-3215)\n\nRed Hat would like to thank Google Project Zero for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* When creating a Windows guest using virtio drivers and direct Logical\nUnit Number (LUN) access with more than 4 SCSI disks under one\nvirtio-scsi-pci controller, the guest terminated unexpectedly with a stop\nerror, also known as the blue screen of death. This update increases the\nmaximum amount of LUNs per a single virtio-scsi-pci controller has been\nincreased to 254, which prevents the described crash from occurring.\n(BZ#1210196)\n\n* The license.txt file in the virtio-win build has been updated to include\nthe correct year number in the copyright information section. (BZ#1210195)\n\nAll virtio-win users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:1043",
        "url": "https://access.redhat.com/errata/RHSA-2015:1043"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1227634",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227634"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1043.json"
      }
    ],
    "title": "Red Hat Security Advisory: virtio-win security and bug fix update",
    "tracking": {
      "current_release_date": "2025-11-21T17:52:35+00:00",
      "generator": {
        "date": "2025-11-21T17:52:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2015:1043",
      "initial_release_date": "2015-06-03T09:50:15+00:00",
      "revision_history": [
        {
          "date": "2015-06-03T09:50:15+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2015-06-03T09:50:15+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:52:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.6.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.6.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.6.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "virtio-win-0:1.7.4-1.el6_6.noarch",
                "product": {
                  "name": "virtio-win-0:1.7.4-1.el6_6.noarch",
                  "product_id": "virtio-win-0:1.7.4-1.el6_6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/virtio-win@1.7.4-1.el6_6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtio-win-0:1.7.4-1.el6_6.noarch as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
        },
        "product_reference": "virtio-win-0:1.7.4-1.el6_6.noarch",
        "relates_to_product_reference": "6Client-Supplementary-6.6.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtio-win-0:1.7.4-1.el6_6.noarch as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
        },
        "product_reference": "virtio-win-0:1.7.4-1.el6_6.noarch",
        "relates_to_product_reference": "6Server-Supplementary-6.6.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtio-win-0:1.7.4-1.el6_6.noarch as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
        },
        "product_reference": "virtio-win-0:1.7.4-1.el6_6.noarch",
        "relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Google Project Zero"
          ]
        }
      ],
      "cve": "CVE-2015-3215",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2014-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1227634"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that the Windows Virtio NIC driver did not sufficiently sanitize the length of the incoming IP packets, as demonstrated by a packet with IP options present but the overall packet length not being adjusted to reflect the length of those options. A remote attacker able to send a specially crafted IP packet to the guest could use this flaw to crash that guest.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "virtio-win: netkvm: malformed packet can cause BSOD",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does affect the virtio-win packages as shipped with Red Hat Enteprise Linux 6 and 7. Future updates for the respective releases will address this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
          "6Server-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
          "6Workstation-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-3215"
        },
        {
          "category": "external",
          "summary": "RHBZ#1227634",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227634"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3215",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3215"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3215",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3215"
        }
      ],
      "release_date": "2014-12-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-06-03T09:50:15+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
            "6Server-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
            "6Workstation-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1043"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "products": [
            "6Client-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
            "6Server-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
            "6Workstation-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "virtio-win: netkvm: malformed packet can cause BSOD"
    }
  ]
}

RHSA-2015:1044

Vulnerability from csaf_redhat - Published: 2015-06-03 10:09 - Updated: 2025-11-21 17:52

Summary

Red Hat Security Advisory: virtio-win security and bug fix update

Notes

Topic

An updated virtio-win package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. Fully virtualized guests using the paravirtualized drivers gain significantly better I/O performance than fully virtualized guests running without the drivers. It was found that the Windows Virtio NIC driver did not sufficiently sanitize the length of the incoming IP packets, as demonstrated by a packet with IP options present but the overall packet length not being adjusted to reflect the length of those options. A remote attacker able to send a specially crafted IP packet to the guest could use this flaw to crash that guest. (CVE-2015-3215) Red Hat would like to thank Google Project Zero for reporting this issue. This update also fixes the following bugs: * When creating a Windows guest using virtio drivers and direct Logical Unit Number (LUN) access with more than 4 SCSI disks under one virtio-scsi-pci controller, the guest terminated unexpectedly with a stop error, also known as the blue screen of death. This update increases the maximum amount of LUNs per a single virtio-scsi-pci controller has been increased to 254, which prevents the described crash from occurring. (BZ#1207546) * The license.txt file in the virtio-win build has been updated to include the correct year number in the copyright information section. (BZ#1183427) All virtio-win users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated virtio-win package that fixes one security issue and two bugs is\nnow available for Red Hat Enterprise Linux 7 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The virtio-win package provides paravirtualized network drivers for most\nMicrosoft Windows operating systems. Paravirtualized drivers are\nvirtualization-aware drivers used by fully virtualized guests running on\nRed Hat Enterprise Linux. Fully virtualized guests using the\nparavirtualized drivers gain significantly better I/O performance than\nfully virtualized guests running without the drivers.\n\nIt was found that the Windows Virtio NIC driver did not sufficiently\nsanitize the length of the incoming IP packets, as demonstrated by a packet\nwith IP options present but the overall packet length not being adjusted to\nreflect the length of those options. A remote attacker able to send a\nspecially crafted IP packet to the guest could use this flaw to crash that\nguest. (CVE-2015-3215)\n\nRed Hat would like to thank Google Project Zero for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* When creating a Windows guest using virtio drivers and direct Logical\nUnit Number (LUN) access with more than 4 SCSI disks under one\nvirtio-scsi-pci controller, the guest terminated unexpectedly with a stop\nerror, also known as the blue screen of death. This update increases the\nmaximum amount of LUNs per a single virtio-scsi-pci controller has been\nincreased to 254, which prevents the described crash from occurring.\n(BZ#1207546)\n\n* The license.txt file in the virtio-win build has been updated to include\nthe correct year number in the copyright information section. (BZ#1183427)\n\nAll virtio-win users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:1044",
        "url": "https://access.redhat.com/errata/RHSA-2015:1044"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1227634",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227634"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1044.json"
      }
    ],
    "title": "Red Hat Security Advisory: virtio-win security and bug fix update",
    "tracking": {
      "current_release_date": "2025-11-21T17:52:37+00:00",
      "generator": {
        "date": "2025-11-21T17:52:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2015:1044",
      "initial_release_date": "2015-06-03T10:09:31+00:00",
      "revision_history": [
        {
          "date": "2015-06-03T10:09:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2015-06-03T10:09:31+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:52:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Client Supplementary (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Client Supplementary (v. 7)",
                  "product_id": "7Client-7.1.Z-Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 7)",
                  "product_id": "7Server-7.1.Z-Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 7)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 7)",
                  "product_id": "7Workstation-7.1.Z-Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "virtio-win-0:1.7.4-1.el7.noarch",
                "product": {
                  "name": "virtio-win-0:1.7.4-1.el7.noarch",
                  "product_id": "virtio-win-0:1.7.4-1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/virtio-win@1.7.4-1.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtio-win-0:1.7.4-1.el7.noarch as a component of Red Hat Enterprise Linux Client Supplementary (v. 7)",
          "product_id": "7Client-7.1.Z-Client:virtio-win-0:1.7.4-1.el7.noarch"
        },
        "product_reference": "virtio-win-0:1.7.4-1.el7.noarch",
        "relates_to_product_reference": "7Client-7.1.Z-Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtio-win-0:1.7.4-1.el7.noarch as a component of Red Hat Enterprise Linux Server Supplementary (v. 7)",
          "product_id": "7Server-7.1.Z-Server:virtio-win-0:1.7.4-1.el7.noarch"
        },
        "product_reference": "virtio-win-0:1.7.4-1.el7.noarch",
        "relates_to_product_reference": "7Server-7.1.Z-Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "virtio-win-0:1.7.4-1.el7.noarch as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 7)",
          "product_id": "7Workstation-7.1.Z-Workstation:virtio-win-0:1.7.4-1.el7.noarch"
        },
        "product_reference": "virtio-win-0:1.7.4-1.el7.noarch",
        "relates_to_product_reference": "7Workstation-7.1.Z-Workstation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Google Project Zero"
          ]
        }
      ],
      "cve": "CVE-2015-3215",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2014-12-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1227634"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that the Windows Virtio NIC driver did not sufficiently sanitize the length of the incoming IP packets, as demonstrated by a packet with IP options present but the overall packet length not being adjusted to reflect the length of those options. A remote attacker able to send a specially crafted IP packet to the guest could use this flaw to crash that guest.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "virtio-win: netkvm: malformed packet can cause BSOD",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does affect the virtio-win packages as shipped with Red Hat Enteprise Linux 6 and 7. Future updates for the respective releases will address this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Client-7.1.Z-Client:virtio-win-0:1.7.4-1.el7.noarch",
          "7Server-7.1.Z-Server:virtio-win-0:1.7.4-1.el7.noarch",
          "7Workstation-7.1.Z-Workstation:virtio-win-0:1.7.4-1.el7.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-3215"
        },
        {
          "category": "external",
          "summary": "RHBZ#1227634",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227634"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3215",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3215"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3215",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3215"
        }
      ],
      "release_date": "2014-12-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-06-03T10:09:31+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "7Client-7.1.Z-Client:virtio-win-0:1.7.4-1.el7.noarch",
            "7Server-7.1.Z-Server:virtio-win-0:1.7.4-1.el7.noarch",
            "7Workstation-7.1.Z-Workstation:virtio-win-0:1.7.4-1.el7.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1044"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "products": [
            "7Client-7.1.Z-Client:virtio-win-0:1.7.4-1.el7.noarch",
            "7Server-7.1.Z-Server:virtio-win-0:1.7.4-1.el7.noarch",
            "7Workstation-7.1.Z-Workstation:virtio-win-0:1.7.4-1.el7.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "virtio-win: netkvm: malformed packet can cause BSOD"
    }
  ]
}

CNVD-2015-03786

Vulnerability from cnvd - Published: 2015-06-15

Title

virtio-win拒绝服务漏洞

Description

virtio-win是一款针对Windows系统的驱动产品。 virtio-win中存在拒绝服务漏洞，允许攻击者可利用该漏洞使虚拟机系统崩溃。

Severity

中

Patch Name

virtio-win拒绝服务漏洞的补丁

Patch Description

virtio-win是一款针对Windows系统的驱动产品。 virtio-win中存在拒绝服务漏洞，允许攻击者可利用该漏洞使虚拟机系统崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://access.redhat.com/security/cve/CVE-2015-3215

Reference

http://www.securityfocus.com/bid/74968

Impacted products

Name
virtio virtio-win

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "74968"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3215"
    }
  },
  "description": "virtio-win\u662f\u4e00\u6b3e\u9488\u5bf9Windows\u7cfb\u7edf\u7684\u9a71\u52a8\u4ea7\u54c1\u3002\r\n\r\nvirtio-win\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u865a\u62df\u673a\u7cfb\u7edf\u5d29\u6e83\u3002",
  "discovererName": "Google Project Zero",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://access.redhat.com/security/cve/CVE-2015-3215",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03786",
  "openTime": "2015-06-15",
  "patchDescription": "virtio-win\u662f\u4e00\u6b3e\u9488\u5bf9Windows\u7cfb\u7edf\u7684\u9a71\u52a8\u4ea7\u54c1\u3002 \r\n\r\nvirtio-win\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f7f\u865a\u62df\u673a\u7cfb\u7edf\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "virtio-win\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "virtio virtio-win"
  },
  "referenceLink": "http://www.securityfocus.com/bid/74968",
  "serverity": "\u4e2d",
  "submitTime": "2015-06-09",
  "title": "virtio-win\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2015-3215

Vulnerability from fkie_nvd - Published: 2017-06-26 15:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1043.html	Vendor Advisory
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1044.html	Vendor Advisory
secalert@redhat.com	https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1	Patch, Third Party Advisory
secalert@redhat.com	https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238	Patch, Third Party Advisory
secalert@redhat.com	https://www.redhat.com/security/data/cve/CVE-2015-3215.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1043.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1044.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/security/data/cve/CVE-2015-3215.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	redhat	virtio-win	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtio-win:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9702E9-461D-4BEC-9AD4-EE6C8D5E3327",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options."
    },
    {
      "lang": "es",
      "value": "El driver de NetKVM Windows Virtio permite a un atacante remoto provocar una denegaci\u00f3n de servicio (guest crash) mediante un valor de longitud dise\u00f1ado en un paquete IP, como demuestra el valor que no tiene en cuenta el tama\u00f1o de las opciones IP`s."
    }
  ],
  "id": "CVE-2015-3215",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-26T15:29:00.393",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1043.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1044.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1043.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2015-3215

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-3215

Aliases

CVE-2015-3215

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3215",
    "description": "The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options.",
    "id": "GSD-2015-3215",
    "references": [
      "https://access.redhat.com/errata/RHSA-2015:1044",
      "https://access.redhat.com/errata/RHSA-2015:1043"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3215"
      ],
      "details": "The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options.",
      "id": "GSD-2015-3215",
      "modified": "2023-12-13T01:20:07.635755Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2015-3215",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-1043.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1043.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-1044.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1044.html"
          },
          {
            "name": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1",
            "refsource": "MISC",
            "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1"
          },
          {
            "name": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238",
            "refsource": "MISC",
            "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238"
          },
          {
            "name": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:virtio-win:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-3215"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html"
            },
            {
              "name": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238"
            },
            {
              "name": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1"
            },
            {
              "name": "RHSA-2015:1044",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1044.html"
            },
            {
              "name": "RHSA-2015:1043",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1043.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-13T00:48Z",
      "publishedDate": "2017-06-26T15:29Z"
    }
  }
}

GHSA-4JXC-842P-4W6X

Vulnerability from github – Published: 2022-05-17 02:36 – Updated: 2022-05-17 02:36

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-26T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options.",
  "id": "GHSA-4jxc-842p-4w6x",
  "modified": "2022-05-17T02:36:17Z",
  "published": "2022-05-17T02:36:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3215"
    },
    {
      "type": "WEB",
      "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:1043"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:1044"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2015-3215"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227634"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1043.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1044.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-3215 (GCVE-0-2015-3215)

RHSA-2015:1043

RHSA-2015:1044

CNVD-2015-03786

FKIE_CVE-2015-3215

GSD-2015-3215

GHSA-4JXC-842P-4W6X

Tags

Sightings

Nomenclature