CVE-2015-5165

EPSS 10.86%
Veröffentlicht 12.08.2015 14:59:24
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xen ≫ Xen Version <= 4.5.0

Xen ≫ Xen Version4.5.1

Fedoraproject ≫ Fedora Version21

Fedoraproject ≫ Fedora Version22

Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp1

Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEditionltss

Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEditionltss

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Redhat ≫ Openstack Version5.0

Redhat ≫ Openstack Version6.0

Redhat ≫ Virtualization Version3.0

Redhat ≫ Enterprise Linux Compute Node Eus Version7.1

Redhat ≫ Enterprise Linux Compute Node Eus Version7.2

Redhat ≫ Enterprise Linux Compute Node Eus Version7.3

Redhat ≫ Enterprise Linux Compute Node Eus Version7.4

Redhat ≫ Enterprise Linux Compute Node Eus Version7.5

Redhat ≫ Enterprise Linux Compute Node Eus Version7.6

Redhat ≫ Enterprise Linux Compute Node Eus Version7.7

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Eus Version6.7

Redhat ≫ Enterprise Linux Eus Compute Node Version6.7

Redhat ≫ Enterprise Linux For Power Big Endian Version6.0

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version6.7_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.1_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.2_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.3_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.4_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.5_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.6_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.7_ppc64

Redhat ≫ Enterprise Linux For Scientific Computing Version6.0

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Eus Version7.1

Redhat ≫ Enterprise Linux Server Eus Version7.2

Redhat ≫ Enterprise Linux Server Eus Version7.3

Redhat ≫ Enterprise Linux Server Eus Version7.4

Redhat ≫ Enterprise Linux Server Eus Version7.5

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.7

Redhat ≫ Enterprise Linux Server Eus From Rhui Version6.7

Redhat ≫ Enterprise Linux Server From Rhui Version6.0

Redhat ≫ Enterprise Linux Server From Rhui Version7.0

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.2

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.3

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.4

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.6

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.7

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Arista ≫ Eos Version4.12

Arista ≫ Eos Version4.13

Arista ≫ Eos Version4.14

Arista ≫ Eos Version4.15

Oracle ≫ Linux Version7 Update0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.86%	0.931

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html

Third Party Advisory

Mailing List

Issue Tracking

https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html

Third Party Advisory

Mailing List

Issue Tracking

http://www.debian.org/security/2015/dsa-3348

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html

Third Party Advisory

Mailing List

Issue Tracking

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html

Third Party Advisory

Mailing List

Issue Tracking

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html

Third Party Advisory

Mailing List

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2015-1674.html

Third Party Advisory

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2015-1683.html

Third Party Advisory

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2015-1739.html

Third Party Advisory

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2015-1740.html

Third Party Advisory

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2015-1793.html

Third Party Advisory

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2015-1833.html

Third Party Advisory

Issue Tracking

http://support.citrix.com/article/CTX201717

Third Party Advisory

Broken Link

http://www.debian.org/security/2015/dsa-3349

Third Party Advisory

http://www.securityfocus.com/bid/76153

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1033176

Third Party Advisory

VDB Entry

http://xenbits.xen.org/xsa/advisory-140.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-5165

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-5165

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-5165

EUVD