CVE-2015-5165
Summary
| CVE | CVE-2015-5165 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-08-12 14:59:00 UTC |
| Updated | 2023-02-13 00:50:00 UTC |
| Description | The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. |
Risk And Classification
Problem Types: CWE-908
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Arista | Eos | 4.12 | All | All | All |
| Operating System | Arista | Eos | 4.13 | All | All | All |
| Operating System | Arista | Eos | 4.14 | All | All | All |
| Operating System | Arista | Eos | 4.15 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 21 | All | All | All |
| Operating System | Fedoraproject | Fedora | 22 | All | All | All |
| Operating System | Fedoraproject | Fedora | 21 | All | All | All |
| Operating System | Fedoraproject | Fedora | 22 | All | All | All |
| Operating System | Oracle | Linux | 7 | 0 | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Eus Compute Node | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 6.7_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.1_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.2_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.3_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.4_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.5_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.6_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.7_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Scientific Computing | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Scientific Computing | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus From Rhui | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server From Rhui | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server From Rhui | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Redhat | Openstack | 5.0 | All | All | All |
| Application | Redhat | Openstack | 6.0 | All | All | All |
| Application | Redhat | Virtualization | 3.0 | All | All | All |
| Application | Suse | Linux Enterprise Debuginfo | 11 | sp1 | All | All |
| Operating System | Suse | Linux Enterprise Server | 10 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp1 | All | All |
| Operating System | Xen | Xen | 4.5.1 | All | All | All |
| Operating System | Xen | Xen | 4.5.1 | All | All | All |
| Operating System | Xen | Xen | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 23 Update: xen-4.5.1-6.fc23 | FEDORA | lists.fedoraproject.org | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| QEMU Realtek rtl8139 Model CVE-2015-5165 Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| Arista - Security Advisory 0013 | MISC | www.arista.com | |
| Debian -- Security Information -- DSA-3348-1 qemu | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 22 Update: xen-4.5.1-8.fc22 | FEDORA | lists.fedoraproject.org | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| [security-announce] SUSE-SU-2015:1643-1: important: Security update for | SUSE | lists.opensuse.org | |
| Xen RTL8139 Device Model Memory Initialization Bug Lets Local Users on a Guest System Obtain Potentially Sensitive Information from the Host System - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| XSA-140 - Xen Security Advisories | CONFIRM | xenbits.xen.org | Patch, Vendor Advisory |
| Bug 1248760 – CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140) | MISC | bugzilla.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| access.redhat.com | CVE-2015-5165 | MISC | access.redhat.com | |
| Oracle Linux Bulletin - October 2015 | CONFIRM | www.oracle.com | |
| Debian -- Security Information -- DSA-3349-1 qemu-kvm | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 21 Update: xen-4.4.3-3.fc21 | FEDORA | lists.fedoraproject.org | |
| CVE-2015-5165 - Vulnerability in Citrix XenServer Could Result in Information Disclosure | CONFIRM | support.citrix.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| [security-announce] SUSE-SU-2015:1421-1: important: Security update for | SUSE | lists.opensuse.org | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.