CVE-2015-5154

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html

http://rhn.redhat.com/errata/RHSA-2015-1507.html

http://rhn.redhat.com/errata/RHSA-2015-1508.html

http://rhn.redhat.com/errata/RHSA-2015-1512.html

http://support.citrix.com/article/CTX201593

http://www.debian.org/security/2015/dsa-3348

http://www.securityfocus.com/bid/76048

http://www.securitytracker.com/id/1033074

http://xenbits.xen.org/xsa/advisory-138.html

https://security.gentoo.org/glsa/201510-02

https://security.gentoo.org/glsa/201604-03

Details

Source: MITRE

Published: 2015-08-12

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (35 total)

IDNameProductFamilySeverity
117306RHEL 7 : qemu-kvm-rhev (RHSA-2015:1508)NessusRed Hat Local Security Checks
high
90380GLSA-201604-03 : Xen: Multiple vulnerabilities (Venom)NessusGentoo Local Security Checks
critical
87588SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:2324-1)NessusSuSE Local Security Checks
high
87393openSUSE Security Update : xen (openSUSE-2015-892)NessusSuSE Local Security Checks
medium
86909openSUSE Security Update : xen (openSUSE-2015-750)NessusSuSE Local Security Checks
medium
86863openSUSE Security Update : xen (openSUSE-2015-729)NessusSuSE Local Security Checks
medium
86687GLSA-201510-02 : QEMU: Arbitrary code executionNessusGentoo Local Security Checks
medium
86490SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2015:1782-1)NessusSuSE Local Security Checks
medium
86203SUSE SLES10 Security Update : Xen (SUSE-SU-2015:1643-1)NessusSuSE Local Security Checks
high
85792SUSE SLED11 Security Update : xen (SUSE-SU-2015:1479-2)NessusSuSE Local Security Checks
high
85791SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1479-1)NessusSuSE Local Security Checks
high
85761SUSE SLED11 / SLES11 Security Update : kvm (SUSE-SU-2015:1472-1)NessusSuSE Local Security Checks
high
85754Debian DSA-3348-1 : qemu - security updateNessusDebian Local Security Checks
medium
85727Fedora 21 : qemu-2.1.3-9.fc21 (2015-13404)NessusFedora Local Security Checks
high
85722SUSE SLED11 / SLES11 Security Update : kvm (SUSE-SU-2015:1455-1)NessusSuSE Local Security Checks
high
85625SUSE SLES11 Security Update : kvm (SUSE-SU-2015:1426-1)NessusSuSE Local Security Checks
high
85598SUSE SLES11 Security Update : xen (SUSE-SU-2015:1421-1)NessusSuSE Local Security Checks
high
85592Fedora 23 : qemu-2.4.0-1.fc23 (2015-13358)NessusFedora Local Security Checks
medium
85576SUSE SLES11 Security Update : kvm (SUSE-SU-2015:1409-1)NessusSuSE Local Security Checks
high
85575SUSE SLES11 Security Update : xen (SUSE-SU-2015:1408-1)NessusSuSE Local Security Checks
high
85480Fedora 22 : qemu-2.3.1-1.fc22 (2015-13402)NessusFedora Local Security Checks
medium
85361Fedora 21 : xen-4.4.2-9.fc21 (2015-12714)NessusFedora Local Security Checks
high
85359Fedora 22 : xen-4.5.1-5.fc22 (2015-12657)NessusFedora Local Security Checks
high
85316Fedora 23 : xen-4.5.1-5.fc23 (2015-12679)NessusFedora Local Security Checks
high
85242Citrix XenServer QEMU IDE Buffer Overflow Code Execution (CTX201593)NessusMisc.
high
85234FreeBSD : qemu, xen-tools -- QEMU heap overflow flaw with certain ATAPI commands (da451130-365d-11e5-a4a5-002590263bf5)NessusFreeBSD Local Security Checks
high
85080Ubuntu 14.04 LTS / 15.04 : qemu vulnerabilities (USN-2692-1)NessusUbuntu Local Security Checks
medium
85074SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:1302-1)NessusSuSE Local Security Checks
high
85073SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1299-1)NessusSuSE Local Security Checks
high
85072Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20150727)NessusScientific Linux Local Security Checks
high
85040RHEL 7 : qemu-kvm (RHSA-2015:1507)NessusRed Hat Local Security Checks
high
85038OracleVM 3.2 : xen (OVMSA-2015-0096)NessusOracleVM Local Security Checks
high
85037OracleVM 3.3 : xen (OVMSA-2015-0095)NessusOracleVM Local Security Checks
high
85035Oracle Linux 7 : qemu-kvm (ELSA-2015-1507)NessusOracle Linux Local Security Checks
high
85030CentOS 7 : qemu-kvm (CESA-2015:1507)NessusCentOS Local Security Checks
high