CVE-2015-5165

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-5165
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html Issue Tracking Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html Issue Tracking Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html Issue Tracking Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html Issue Tracking Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html Issue Tracking Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1674.html Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1683.html Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1739.html Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1740.html Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1793.html Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1833.html Issue Tracking Third Party Advisory
http://support.citrix.com/article/CTX201717 Broken Link Third Party Advisory
http://www.debian.org/security/2015/dsa-3348 Third Party Advisory
http://www.debian.org/security/2015/dsa-3349 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory
http://www.securityfocus.com/bid/76153 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033176 Third Party Advisory VDB Entry
http://xenbits.xen.org/xsa/advisory-140.html Patch Vendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:6.7_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.1_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus_from_rhui:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*

Configuration 7 (hide)

cpe:2.3:o:oracle:linux:7:0:*:*:*:*:*:*
History

No history.

Information

Published : 2015-08-12 14:59

Updated : 2023-02-13 00:50

NVD link : CVE-2015-5165

Mitre link : CVE-2015-5165

CVE.ORG link : CVE-2015-5165

JSON object : View

Products Affected

xen

  • xen

oracle

  • linux

suse

  • linux_enterprise_debuginfo
  • linux_enterprise_server

redhat

  • enterprise_linux_desktop
  • openstack
  • enterprise_linux_eus
  • enterprise_linux_server_tus
  • enterprise_linux_eus_compute_node
  • enterprise_linux_server_aus
  • enterprise_linux_for_scientific_computing
  • enterprise_linux_compute_node_eus
  • enterprise_linux_server
  • enterprise_linux_server_eus_from_rhui
  • enterprise_linux_server_from_rhui
  • enterprise_linux_server_update_services_for_sap_solutions
  • enterprise_linux_workstation
  • enterprise_linux_for_power_big_endian
  • virtualization
  • enterprise_linux_for_power_big_endian_eus
  • enterprise_linux_server_eus

fedoraproject

  • fedora

arista

  • eos

debian

  • debian_linux
CWE
CWE-908

Use of Uninitialized Resource