CVE-2015-5165

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-5165
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://xenbits.xen.org/xsa/advisory-140.html Patch Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html Issue Tracking Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html Issue Tracking Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory
http://www.securityfocus.com/bid/76153 Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html Issue Tracking Mailing List Third Party Advisory
http://support.citrix.com/article/CTX201717 Broken Link Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1833.html Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1793.html Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1740.html Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1739.html Issue Tracking Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html Issue Tracking Mailing List Third Party Advisory
http://www.securitytracker.com/id/1033176 Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-1683.html Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1674.html Issue Tracking Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html Issue Tracking Mailing List Third Party Advisory
http://www.debian.org/security/2015/dsa-3349 Third Party Advisory
http://www.debian.org/security/2015/dsa-3348 Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.1_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus_from_rhui:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.7_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:o:oracle:linux:7:0:*:*:*:*:*:*
History

No history.

Information

Published : 2015-08-12 14:59

Updated : 2023-02-13 00:50

NVD link : CVE-2015-5165

Mitre link : CVE-2015-5165

JSON object : View

Products Affected

redhat

  • openstack
  • enterprise_linux_desktop
  • enterprise_linux_server_eus_from_rhui
  • enterprise_linux_server_eus
  • enterprise_linux_eus_compute_node
  • enterprise_linux_server_from_rhui
  • enterprise_linux_for_power_big_endian_eus
  • enterprise_linux_server_aus
  • enterprise_linux_server_tus
  • enterprise_linux_for_scientific_computing
  • enterprise_linux_for_power_big_endian
  • enterprise_linux_server_update_services_for_sap_solutions
  • enterprise_linux_server
  • enterprise_linux_eus
  • enterprise_linux_compute_node_eus
  • virtualization
  • enterprise_linux_workstation

arista

  • eos

debian

  • debian_linux

fedoraproject

  • fedora

xen

  • xen

suse

  • linux_enterprise_server
  • linux_enterprise_debuginfo

oracle

  • linux
CWE
CWE-908

Use of Uninitialized Resource