High severity7.5NVD Advisory· Published Nov 6, 2015· Updated May 6, 2026

CVE-2015-6855

Description

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash.

Affected products

QEMU/Qemu
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Range: <=2.4.1
Arista/Eos
cpe:2.3:o:arista:eos:-:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Debian/Debian Linux3 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Fedoraproject/Fedora3 versions
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/pipermail/package-announce/2015-October/168602.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-October/169036.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-October/169327.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-October/169341.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-September/167369.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.htmlnvdMailing ListThird Party Advisory
www.debian.org/security/2015/dsa-3361nvdThird Party Advisory
www.debian.org/security/2015/dsa-3362nvdThird Party Advisory
www.openwall.com/lists/oss-security/2015/09/10/1nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2015/09/10/2nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/76691nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2745-1nvdThird Party Advisory
lists.gnu.org/archive/html/qemu-devel/2015-09/msg02479.htmlnvdMailing ListThird Party Advisory
security.gentoo.org/glsa/201602-01nvdThird Party Advisory
www.arista.com/en/support/advisories-notices/security-advisories/1188-security-advisory-14nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000