RHSA-2015:1043
Vulnerability from csaf_redhat - Published: 2015-06-03 09:50 - Updated: 2025-11-21 17:52Summary
Red Hat Security Advisory: virtio-win security and bug fix update
Notes
Topic
An updated virtio-win package that fixes one security issue and two bugs is
now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details
The virtio-win package provides paravirtualized network drivers for most
Microsoft Windows operating systems. Paravirtualized drivers are
virtualization-aware drivers used by fully virtualized guests running on
Red Hat Enterprise Linux. Fully virtualized guests using the
paravirtualized drivers gain significantly better I/O performance than
fully virtualized guests running without the drivers.
It was found that the Windows Virtio NIC driver did not sufficiently
sanitize the length of the incoming IP packets, as demonstrated by a packet
with IP options present but the overall packet length not being adjusted to
reflect the length of those options. A remote attacker able to send a
specially crafted IP packet to the guest could use this flaw to crash that
guest. (CVE-2015-3215)
Red Hat would like to thank Google Project Zero for reporting this issue.
This update also fixes the following bugs:
* When creating a Windows guest using virtio drivers and direct Logical
Unit Number (LUN) access with more than 4 SCSI disks under one
virtio-scsi-pci controller, the guest terminated unexpectedly with a stop
error, also known as the blue screen of death. This update increases the
maximum amount of LUNs per a single virtio-scsi-pci controller has been
increased to 254, which prevents the described crash from occurring.
(BZ#1210196)
* The license.txt file in the virtio-win build has been updated to include
the correct year number in the copyright information section. (BZ#1210195)
All virtio-win users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated virtio-win package that fixes one security issue and two bugs is\nnow available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "The virtio-win package provides paravirtualized network drivers for most\nMicrosoft Windows operating systems. Paravirtualized drivers are\nvirtualization-aware drivers used by fully virtualized guests running on\nRed Hat Enterprise Linux. Fully virtualized guests using the\nparavirtualized drivers gain significantly better I/O performance than\nfully virtualized guests running without the drivers.\n\nIt was found that the Windows Virtio NIC driver did not sufficiently\nsanitize the length of the incoming IP packets, as demonstrated by a packet\nwith IP options present but the overall packet length not being adjusted to\nreflect the length of those options. A remote attacker able to send a\nspecially crafted IP packet to the guest could use this flaw to crash that\nguest. (CVE-2015-3215)\n\nRed Hat would like to thank Google Project Zero for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* When creating a Windows guest using virtio drivers and direct Logical\nUnit Number (LUN) access with more than 4 SCSI disks under one\nvirtio-scsi-pci controller, the guest terminated unexpectedly with a stop\nerror, also known as the blue screen of death. This update increases the\nmaximum amount of LUNs per a single virtio-scsi-pci controller has been\nincreased to 254, which prevents the described crash from occurring.\n(BZ#1210196)\n\n* The license.txt file in the virtio-win build has been updated to include\nthe correct year number in the copyright information section. (BZ#1210195)\n\nAll virtio-win users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1043",
"url": "https://access.redhat.com/errata/RHSA-2015:1043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1227634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227634"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1043.json"
}
],
"title": "Red Hat Security Advisory: virtio-win security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T17:52:35+00:00",
"generator": {
"date": "2025-11-21T17:52:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2015:1043",
"initial_release_date": "2015-06-03T09:50:15+00:00",
"revision_history": [
{
"date": "2015-06-03T09:50:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-06-03T09:50:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:52:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "virtio-win-0:1.7.4-1.el6_6.noarch",
"product": {
"name": "virtio-win-0:1.7.4-1.el6_6.noarch",
"product_id": "virtio-win-0:1.7.4-1.el6_6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/virtio-win@1.7.4-1.el6_6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "virtio-win-0:1.7.4-1.el6_6.noarch as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
"product_id": "6Client-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
},
"product_reference": "virtio-win-0:1.7.4-1.el6_6.noarch",
"relates_to_product_reference": "6Client-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtio-win-0:1.7.4-1.el6_6.noarch as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
"product_id": "6Server-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
},
"product_reference": "virtio-win-0:1.7.4-1.el6_6.noarch",
"relates_to_product_reference": "6Server-Supplementary-6.6.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtio-win-0:1.7.4-1.el6_6.noarch as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
"product_id": "6Workstation-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
},
"product_reference": "virtio-win-0:1.7.4-1.el6_6.noarch",
"relates_to_product_reference": "6Workstation-Supplementary-6.6.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Google Project Zero"
]
}
],
"cve": "CVE-2015-3215",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2014-12-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1227634"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Windows Virtio NIC driver did not sufficiently sanitize the length of the incoming IP packets, as demonstrated by a packet with IP options present but the overall packet length not being adjusted to reflect the length of those options. A remote attacker able to send a specially crafted IP packet to the guest could use this flaw to crash that guest.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "virtio-win: netkvm: malformed packet can cause BSOD",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does affect the virtio-win packages as shipped with Red Hat Enteprise Linux 6 and 7. Future updates for the respective releases will address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
"6Server-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
"6Workstation-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3215"
},
{
"category": "external",
"summary": "RHBZ#1227634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3215"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3215",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3215"
}
],
"release_date": "2014-12-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-06-03T09:50:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Client-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
"6Server-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
"6Workstation-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1043"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"6Client-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
"6Server-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch",
"6Workstation-Supplementary-6.6.z:virtio-win-0:1.7.4-1.el6_6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "virtio-win: netkvm: malformed packet can cause BSOD"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…