Medium severity5.5NVD Advisory· Published Dec 29, 2016· Updated May 6, 2026

CVE-2015-8744

Description

QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2016/dsa-3471nvdThird Party Advisory
www.openwall.com/lists/oss-security/2016/01/04/3nvdMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2016/01/04/6nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/79821nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1034576nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
security.gentoo.org/glsa/201602-01nvdThird Party Advisory
git.qemu.orgnvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000