CVE-2015-5165

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 12-08-2015 04:59

Last modified: - 11-02-2022 03:52

Total changes: - 3

Description

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

vendor=xen AND product=xen AND versionEndIncluding=4.5.0

vendor=xen AND product=xen AND version=4.5.1

vendor=fedoraproject AND product=fedora AND version=22

vendor=fedoraproject AND product=fedora AND version=21

vendor=suse AND product=linux_enterprise_debuginfo AND version=11 AND update=sp1

vendor=suse AND product=linux_enterprise_server AND version=10 AND update=sp4 AND software_edition=ltss

vendor=suse AND product=linux_enterprise_server AND version=11 AND update=sp1 AND software_edition=ltss

vendor=Debian AND product=debian_linux AND version=7.0

vendor=Debian AND product=debian_linux AND version=8.0

vendor=Red Hat Enterprise Linux AND product=openstack AND version=5.0

vendor=Red Hat Enterprise Linux AND product=openstack AND version=6.0

vendor=Red Hat Enterprise Linux AND product=virtualization AND version=3.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.3

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.5

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.7

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_desktop AND version=6.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=6.7

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus_compute_node AND version=6.7

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian AND version=6.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian AND version=7.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=6.7_ppc64

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.1_ppc64

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.2_ppc64

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.3_ppc64

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.4_ppc64

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.5_ppc64

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.6_ppc64

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.7_ppc64

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_scientific_computing AND version=6.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_scientific_computing AND version=7.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=6.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=7.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.3

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.7

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.3

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.5

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.7

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus_from_rhui AND version=6.7

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_from_rhui AND version=6.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_from_rhui AND version=7.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.3

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.7

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.2

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.3

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.4

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.6

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.7

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=6.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=7.0

vendor=arista AND product=eos AND version=4.12

vendor=arista AND product=eos AND version=4.13

vendor=arista AND product=eos AND version=4.14

vendor=arista AND product=eos AND version=4.15

vendor=oracle AND product=linux AND version=7 AND update=0

Reference

http://xenbits.xen.org/xsa/advisory-140.html
FEDORA-2015-15944-Issue Tracking, Mailing List, Third Party Advisory
FEDORA-2015-15946-Issue Tracking, Mailing List, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
76153-Third Party Advisory, VDB Entry
SUSE-SU-2015:1643-Issue Tracking, Mailing List, Third Party Advisory
http://support.citrix.com/article/CTX201717
RHSA-2015:1833-Issue Tracking, Third Party Advisory
RHSA-2015:1793-Issue Tracking, Third Party Advisory
RHSA-2015:1740-Issue Tracking, Third Party Advisory
RHSA-2015:1739-Issue Tracking, Third Party Advisory
FEDORA-2015-14361-Issue Tracking, Mailing List, Third Party Advisory
1033176-Third Party Advisory, VDB Entry
RHSA-2015:1683-Issue Tracking, Third Party Advisory
RHSA-2015:1674-Issue Tracking, Third Party Advisory
SUSE-SU-2015:1421-Issue Tracking, Mailing List, Third Party Advisory
DSA-3349-Third Party Advisory
DSA-3348-Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13

Keywords

CVE-2015-5165

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2015-5165

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures