CVE-2015-5165
Advisory lineage Upstream: 0 Downstream: 22
Modified
Published: 12 Aug 2015, 14:00
Last modified: 06 Aug 2024, 06:41
Vulnerability Summary
Overall Risk (default): high, 70/100
CVSS Score: 9.3 HIGH, v2.0 (nvd)
EPSS Score: 12.94% MEDIUM, 13% probability, +3.22%
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected
Timeline
12 Aug 2015, 14:00
Published
Vulnerability first disclosed
06 Aug 2024, 06:41
Last Modified
Vulnerability information updated
Description
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVSS Metrics
- v2.0•HIGH•Score: 9.3•AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 12.94%•Percentile: 94%
Techniques & Countermeasures
- CWE-908•Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
Affected Systems
- arista•eos
4.12 | 4.13 | 4.14 | 4.15
- debian•debian_linux
7.0 | 8.0
- fedoraproject•fedora
21 | 22
- oracle•linux
7:0
- redhat•enterprise_linux_compute_node_eus
7.1 | 7.2 | 7.3 | 7.4 | 7.5 | 7.6 | 7.7
- redhat•enterprise_linux_desktop
6.0
- redhat•enterprise_linux_eus
6.7
- redhat•enterprise_linux_eus_compute_node
6.7
- redhat•enterprise_linux_for_power_big_endian
6.0 | 7.0
- redhat•enterprise_linux_for_power_big_endian_eus
6.7_ppc64 | 7.1_ppc64 | 7.2_ppc64 | 7.3_ppc64 | 7.4_ppc64 | 7.5_ppc64 | 7.6_ppc64 | 7.7_ppc64
- redhat•enterprise_linux_for_scientific_computing
6.0 | 7.0
- redhat•enterprise_linux_server
6.0 | 7.0
- redhat•enterprise_linux_server_aus
7.3 | 7.4 | 7.6 | 7.7
- redhat•enterprise_linux_server_eus
7.1 | 7.2 | 7.3 | 7.4 | 7.5 | 7.6 | 7.7
- redhat•enterprise_linux_server_eus_from_rhui
6.7
- redhat•enterprise_linux_server_from_rhui
6.0 | 7.0
- redhat•enterprise_linux_server_tus
7.3 | 7.6 | 7.7
- redhat•enterprise_linux_server_update_services_for_sap_solutions
7.2 | 7.3 | 7.4 | 7.6 | 7.7
- redhat•enterprise_linux_workstation
6.0 | 7.0
- redhat•openstack
5.0 | 6.0
- redhat•virtualization
3.0
- suse•linux_enterprise_debuginfo
11:sp1
- suse•linux_enterprise_server
10:sp4 | 11:sp1
- xen•xen
≤ 4.5.0 | 4.5.1
References (19)
- http://rhn.redhat.com/errata/RHSA-2015-1674.html
- http://www.securitytracker.com/id/1033176
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
- http://www.debian.org/security/2015/dsa-3348
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://support.citrix.com/article/CTX201717
- http://rhn.redhat.com/errata/RHSA-2015-1683.html
- http://rhn.redhat.com/errata/RHSA-2015-1793.html
- http://www.debian.org/security/2015/dsa-3349
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html
- http://rhn.redhat.com/errata/RHSA-2015-1833.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
- http://rhn.redhat.com/errata/RHSA-2015-1740.html
- http://rhn.redhat.com/errata/RHSA-2015-1739.html
- http://www.securityfocus.com/bid/76153
- http://xenbits.xen.org/xsa/advisory-140.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13