CVE-2015-3209

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

Published: Jun 15, 2015
Updated: Nov 9, 2025
CVE: CVE-2015-3209
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
qemu / qemu	-	2.3.1.x
juniper / junos_space	-	15.1.x
canonical / ubuntu_linux	14.10	14.10.x
canonical / ubuntu_linux	15.04	15.04.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	14.04	14.04.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	7.0	7.0.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux_server_aus	6.6	6.6.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_eus	6.6	6.6.x
redhat / enterprise_linux_server_tus	6.6	6.6.x
redhat / openstack	5.0	5.0.x
redhat / virtualization	3.0	3.0.x
fedoraproject / fedora	22	22.x
fedoraproject / fedora	20	20.x
fedoraproject / fedora	21	21.x
suse / linux_enterprise_server	11-sp1	11-sp1.x
suse / linux_enterprise_desktop	11-sp3	11-sp3.x
suse / linux_enterprise_debuginfo	11-sp2	11-sp2.x
suse / linux_enterprise_software_development_kit	11-sp3	11-sp3.x
suse / linux_enterprise_server	11-sp2	11-sp2.x
suse / linux_enterprise_server	10-sp4	10-sp4.x
suse / linux_enterprise_server	12	12.x
suse / linux_enterprise_software_development_kit	12	12.x
suse / linux_enterprise_desktop	12	12.x
suse / linux_enterprise_server	11-sp3	11-sp3.x
arista / eos	4.15	4.15.x
arista / eos	4.14	4.14.x
arista / eos	4.13	4.13.x
arista / eos	4.12	4.12.x

Vulnerability Database

313,359

CVE-2015-3209

Deep Security Visibility Without the Complexity