CVE-2015-5165

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html

http://rhn.redhat.com/errata/RHSA-2015-1674.html

http://rhn.redhat.com/errata/RHSA-2015-1683.html

http://rhn.redhat.com/errata/RHSA-2015-1739.html

http://rhn.redhat.com/errata/RHSA-2015-1740.html

http://rhn.redhat.com/errata/RHSA-2015-1793.html

http://rhn.redhat.com/errata/RHSA-2015-1833.html

http://support.citrix.com/article/CTX201717

http://www.debian.org/security/2015/dsa-3348

http://www.debian.org/security/2015/dsa-3349

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/76153

http://www.securitytracker.com/id/1033176

http://xenbits.xen.org/xsa/advisory-140.html

Details

Source: MITRE

Published: 2015-08-12

Updated: 2018-10-30

Type: CWE-200

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* versions up to 4.5.0 (inclusive)

cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Tenable Plugins

View all (35 total)

IDNameProductFamilySeverity
117307RHEL 7 : qemu-kvm-rhev (RHSA-2015:1739)NessusRed Hat Local Security Checks
medium
91316OracleVM 3.4 : qemu-kvm (OVMSA-2016-0051)NessusOracleVM Local Security Checks
critical
91198Debian DLA-479-1 : xen security updateNessusDebian Local Security Checks
high
88770F5 Networks BIG-IP : Multiple QEMU vulnerabilities (K63519101)NessusF5 Networks Local Security Checks
critical
86909openSUSE Security Update : xen (openSUSE-2015-750)NessusSuSE Local Security Checks
medium
86863openSUSE Security Update : xen (openSUSE-2015-729)NessusSuSE Local Security Checks
medium
86513CentOS 6 : qemu-kvm (CESA-2015:1833)NessusCentOS Local Security Checks
medium
86512CentOS 7 : qemu-kvm (CESA-2015:1793)NessusCentOS Local Security Checks
medium
86203SUSE SLES10 Security Update : Xen (SUSE-SU-2015:1643-1)NessusSuSE Local Security Checks
high
86163Fedora 21 : xen-4.4.3-3.fc21 (2015-15946)NessusFedora Local Security Checks
high
86162Fedora 22 : xen-4.5.1-8.fc22 (2015-15944)NessusFedora Local Security Checks
high
86101Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20150922)NessusScientific Linux Local Security Checks
medium
86098RHEL 6 : qemu-kvm (RHSA-2015:1833)NessusRed Hat Local Security Checks
medium
86095Oracle Linux 6 : qemu-kvm (ELSA-2015-1833)NessusOracle Linux Local Security Checks
medium
86000RHEL 6 : qemu-kvm-rhev (RHSA-2015:1740)NessusRed Hat Local Security Checks
medium
85981RHEL 7 : qemu-kvm (RHSA-2015:1793)NessusRed Hat Local Security Checks
medium
85961Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20150915)NessusScientific Linux Local Security Checks
medium
85959Oracle Linux 7 : qemu-kvm (ELSA-2015-1793)NessusOracle Linux Local Security Checks
medium
85792SUSE SLED11 Security Update : xen (SUSE-SU-2015:1479-2)NessusSuSE Local Security Checks
high
85791SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1479-1)NessusSuSE Local Security Checks
high
85755Debian DSA-3349-1 : qemu-kvm - security updateNessusDebian Local Security Checks
medium
85754Debian DSA-3348-1 : qemu - security updateNessusDebian Local Security Checks
medium
85728Fedora 23 : xen-4.5.1-6.fc23 (2015-14361)NessusFedora Local Security Checks
high
85727Fedora 21 : qemu-2.1.3-9.fc21 (2015-13404)NessusFedora Local Security Checks
high
85683Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : qemu, qemu-kvm vulnerabilities (USN-2724-1)NessusUbuntu Local Security Checks
medium
85661Citrix XenServer QEMU RTL8139 Guest Network Device Information Disclosure (CTX201717)NessusMisc.
medium
85598SUSE SLES11 Security Update : xen (SUSE-SU-2015:1421-1)NessusSuSE Local Security Checks
high
85592Fedora 23 : qemu-2.4.0-1.fc23 (2015-13358)NessusFedora Local Security Checks
medium
85575SUSE SLES11 Security Update : xen (SUSE-SU-2015:1408-1)NessusSuSE Local Security Checks
high
85532SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1404-1)NessusSuSE Local Security Checks
high
85505SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:1384-1)NessusSuSE Local Security Checks
high
85486FreeBSD : qemu, xen-tools -- QEMU leak of uninitialized heap memory in rtl8139 device model (f06f20dc-4347-11e5-93ad-002590263bf5)NessusFreeBSD Local Security Checks
medium
85480Fedora 22 : qemu-2.3.1-1.fc22 (2015-13402)NessusFedora Local Security Checks
medium
85237OracleVM 3.2 : xen (OVMSA-2015-0112)NessusOracleVM Local Security Checks
medium
85236OracleVM 3.3 : xen (OVMSA-2015-0111)NessusOracleVM Local Security Checks
high