CVE-2015-5165

high

Description

An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.

References

http://xenbits.xen.org/xsa/advisory-140.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/76153

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html

http://support.citrix.com/article/CTX201717

http://rhn.redhat.com/errata/RHSA-2015-1833.html

http://rhn.redhat.com/errata/RHSA-2015-1793.html

http://rhn.redhat.com/errata/RHSA-2015-1740.html

http://rhn.redhat.com/errata/RHSA-2015-1739.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html

http://www.securitytracker.com/id/1033176

http://rhn.redhat.com/errata/RHSA-2015-1683.html

http://rhn.redhat.com/errata/RHSA-2015-1674.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html

http://www.debian.org/security/2015/dsa-3349

http://www.debian.org/security/2015/dsa-3348

https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13

https://access.redhat.com/errata/RHSA-2015:1740

https://access.redhat.com/errata/RHSA-2015:1683

https://bugzilla.redhat.com/show_bug.cgi?id=1248760

https://access.redhat.com/errata/RHSA-2015:1833

https://access.redhat.com/security/cve/CVE-2015-5165

https://access.redhat.com/errata/RHSA-2015:1674

https://access.redhat.com/errata/RHSA-2015:1793

https://access.redhat.com/errata/RHSA-2015:1718

https://access.redhat.com/errata/RHSA-2015:1739

Details

Source: MITRE

Published: 2015-08-12

Updated: 2023-02-02

Type: CWE-908

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH