{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-03T00:00:00", "descriptions": [{"lang": "en", "value": "The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-26T14:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2015:1044", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1044.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html"}, {"name": "RHSA-2015:1043", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1043.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:32.075Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:1044", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1044.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html"}, {"name": "RHSA-2015:1043", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1043.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3215", "datePublished": "2017-06-26T15:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.075Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:virtio-win:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C9702E9-461D-4BEC-9AD4-EE6C8D5E3327", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options."}, {"lang": "es", "value": "El driver de NetKVM Windows Virtio permite a un atacante remoto provocar una denegaci\u00f3n de servicio (guest crash) mediante un valor de longitud dise\u00f1ado en un paquete IP, como demuestra el valor que no tiene en cuenta el tama\u00f1o de las opciones IP`s."}], "id": "CVE-2015-3215", "lastModified": "2024-11-21T02:28:55.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-26T15:29:00.393", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1043.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1044.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1043.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/723416fa4210b7464b28eab89cc76252e6193ac1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/YanVugenfirer/kvm-guest-drivers-windows/commit/fbfa4d1083ea84c5429992ca3e996d7d4fbc8238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.redhat.com/security/data/cve/CVE-2015-3215.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Google Project Zero for reporting this issue.", "affected_release": [{"advisory": "RHSA-2015:1043", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "virtio-win-0:1.7.4-1.el6_6", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2015-06-03T00:00:00Z"}, {"advisory": "RHSA-2015:1044", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "virtio-win-0:1.7.4-1.el7", "product_name": "Supplementary for Red Hat Enterprise Linux 7", "release_date": "2015-06-03T00:00:00Z"}], "bugzilla": {"description": "virtio-win: netkvm: malformed packet can cause BSOD", "id": "1227634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1227634"}, "csaw": false, "cvss": {"cvss_base_score": "6.1", "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "status": "verified"}, "cwe": "CWE-20", "details": ["The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options.", "It was found that the Windows Virtio NIC driver did not sufficiently sanitize the length of the incoming IP packets, as demonstrated by a packet with IP options present but the overall packet length not being adjusted to reflect the length of those options. A remote attacker able to send a specially crafted IP packet to the guest could use this flaw to crash that guest."], "name": "CVE-2015-3215", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "virtio-win", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2014-12-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3215\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3215"], "statement": "This issue does affect the virtio-win packages as shipped with Red Hat Enteprise Linux 6 and 7. Future updates for the respective releases will address this issue.", "threat_severity": "Important"}