CVE-2015-5165
First published: Wed Aug 12 2015(Updated: )
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xen xen-unstable | <=4.5.0 | |
| Xen xen-unstable | =4.5.1 | |
| Fedora | =21 | |
| Fedora | =22 | |
| SUSE Linux Enterprise Debuginfo | =11-sp1 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| redhat openstack | =5.0 | |
| redhat openstack | =6.0 | |
| Red Hat Enterprise Virtualization | =3.0 | |
| Red Hat Enterprise Linux Compute Node EUS | =7.1 | |
| Red Hat Enterprise Linux Compute Node EUS | =7.2 | |
| Red Hat Enterprise Linux Compute Node EUS | =7.3 | |
| Red Hat Enterprise Linux Compute Node EUS | =7.4 | |
| Red Hat Enterprise Linux Compute Node EUS | =7.5 | |
| Red Hat Enterprise Linux Compute Node EUS | =7.6 | |
| Red Hat Enterprise Linux Compute Node EUS | =7.7 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux eus | =6.7 | |
| Red Hat Enterprise Linux | =6.7 | |
| redhat enterprise Linux for power big endian | =6.0 | |
| redhat enterprise Linux for power big endian | =7.0 | |
| redhat enterprise Linux for power big endian eus | =6.7_ppc64 | |
| redhat enterprise Linux for power big endian eus | =7.1_ppc64 | |
| redhat enterprise Linux for power big endian eus | =7.2_ppc64 | |
| redhat enterprise Linux for power big endian eus | =7.3_ppc64 | |
| redhat enterprise Linux for power big endian eus | =7.4_ppc64 | |
| redhat enterprise Linux for power big endian eus | =7.5_ppc64 | |
| redhat enterprise Linux for power big endian eus | =7.6_ppc64 | |
| redhat enterprise Linux for power big endian eus | =7.7_ppc64 | |
| redhat enterprise Linux for scientific computing | =6.0 | |
| redhat enterprise Linux for scientific computing | =7.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server | =7.0 | |
| redhat enterprise Linux server aus | =7.3 | |
| redhat enterprise Linux server aus | =7.4 | |
| redhat enterprise Linux server aus | =7.6 | |
| redhat enterprise Linux server aus | =7.7 | |
| redhat enterprise Linux server eus | =7.1 | |
| redhat enterprise Linux server eus | =7.2 | |
| redhat enterprise Linux server eus | =7.3 | |
| redhat enterprise Linux server eus | =7.4 | |
| redhat enterprise Linux server eus | =7.5 | |
| redhat enterprise Linux server eus | =7.6 | |
| redhat enterprise Linux server eus | =7.7 | |
| Red Hat Enterprise Linux Server Supplementary EUS | =6.7 | |
| Red Hat Enterprise Linux Server Supplementary EUS | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary EUS | =7.0 | |
| redhat enterprise Linux server tus | =7.3 | |
| redhat enterprise Linux server tus | =7.6 | |
| redhat enterprise Linux server tus | =7.7 | |
| redhat enterprise Linux server update services for sap solutions | =7.2 | |
| redhat enterprise Linux server update services for sap solutions | =7.3 | |
| redhat enterprise Linux server update services for sap solutions | =7.4 | |
| redhat enterprise Linux server update services for sap solutions | =7.6 | |
| redhat enterprise Linux server update services for sap solutions | =7.7 | |
| redhat enterprise Linux workstation | =6.0 | |
| redhat enterprise Linux workstation | =7.0 | |
| Arista EOS | =4.12 | |
| Arista EOS | =4.13 | |
| Arista EOS | =4.14 | |
| Arista EOS | =4.15 | |
| Oracle Linux | =7-0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
- http://rhn.redhat.com/errata/RHSA-2015-1674.html
- http://rhn.redhat.com/errata/RHSA-2015-1683.html
- http://rhn.redhat.com/errata/RHSA-2015-1739.html
- http://rhn.redhat.com/errata/RHSA-2015-1740.html
- http://rhn.redhat.com/errata/RHSA-2015-1793.html
- http://rhn.redhat.com/errata/RHSA-2015-1833.html
- http://support.citrix.com/article/CTX201717
- http://www.debian.org/security/2015/dsa-3348
- http://www.debian.org/security/2015/dsa-3349
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/76153
- http://www.securitytracker.com/id/1033176
- http://xenbits.xen.org/xsa/advisory-140.html
- https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13
Frequently Asked Questions
What is the severity of CVE-2015-5165?
CVE-2015-5165 has a high severity rating due to its potential to allow remote attackers to read sensitive process heap memory.
How do I fix CVE-2015-5165?
To fix CVE-2015-5165, you should update to the latest version of the affected software that includes the security patch.
Which software is affected by CVE-2015-5165?
CVE-2015-5165 affects certain versions of Xen, Fedora, SUSE Linux, Debian, and various Red Hat products.
Can CVE-2015-5165 be exploited remotely?
Yes, CVE-2015-5165 can be exploited remotely by attackers, posing a significant risk to vulnerable systems.
What are the potential effects of CVE-2015-5165?
The potential effects of CVE-2015-5165 include unauthorized access to sensitive information and process memory leakage.
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/xen
- canonical/xen xen-unstable
- version/xen xen-unstable/4.5.0
- version/xen xen-unstable/4.5.1
- vendor/fedoraproject
- canonical/fedora
- version/fedora/21
- version/fedora/22
- vendor/suse
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/11-sp1
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp1
- vendor/debian
- canonical/debian
- version/debian/7.0
- version/debian/8.0
- vendor/redhat
- canonical/redhat openstack
- version/redhat openstack/5.0
- version/redhat openstack/6.0
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/3.0
- canonical/red hat enterprise linux compute node eus
- version/red hat enterprise linux compute node eus/7.1
- version/red hat enterprise linux compute node eus/7.2
- version/red hat enterprise linux compute node eus/7.3
- version/red hat enterprise linux compute node eus/7.4
- version/red hat enterprise linux compute node eus/7.5
- version/red hat enterprise linux compute node eus/7.6
- version/red hat enterprise linux compute node eus/7.7
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/6.7
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.7
- canonical/redhat enterprise linux for power big endian
- version/redhat enterprise linux for power big endian/6.0
- version/redhat enterprise linux for power big endian/7.0
- canonical/redhat enterprise linux for power big endian eus
- version/redhat enterprise linux for power big endian eus/6.7_ppc64
- version/redhat enterprise linux for power big endian eus/7.1_ppc64
- version/redhat enterprise linux for power big endian eus/7.2_ppc64
- version/redhat enterprise linux for power big endian eus/7.3_ppc64
- version/redhat enterprise linux for power big endian eus/7.4_ppc64
- version/redhat enterprise linux for power big endian eus/7.5_ppc64
- version/redhat enterprise linux for power big endian eus/7.6_ppc64
- version/redhat enterprise linux for power big endian eus/7.7_ppc64
- canonical/redhat enterprise linux for scientific computing
- version/redhat enterprise linux for scientific computing/6.0
- version/redhat enterprise linux for scientific computing/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.3
- version/redhat enterprise linux server aus/7.4
- version/redhat enterprise linux server aus/7.6
- version/redhat enterprise linux server aus/7.7
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.1
- version/redhat enterprise linux server eus/7.2
- version/redhat enterprise linux server eus/7.3
- version/redhat enterprise linux server eus/7.4
- version/redhat enterprise linux server eus/7.5
- version/redhat enterprise linux server eus/7.6
- version/redhat enterprise linux server eus/7.7
- canonical/red hat enterprise linux server supplementary eus
- version/red hat enterprise linux server supplementary eus/6.7
- version/red hat enterprise linux server supplementary eus/6.0
- version/red hat enterprise linux server supplementary eus/7.0
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.3
- version/redhat enterprise linux server tus/7.6
- version/redhat enterprise linux server tus/7.7
- canonical/redhat enterprise linux server update services for sap solutions
- version/redhat enterprise linux server update services for sap solutions/7.2
- version/redhat enterprise linux server update services for sap solutions/7.3
- version/redhat enterprise linux server update services for sap solutions/7.4
- version/redhat enterprise linux server update services for sap solutions/7.6
- version/redhat enterprise linux server update services for sap solutions/7.7
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0
- vendor/arista
- canonical/arista eos
- version/arista eos/4.12
- version/arista eos/4.13
- version/arista eos/4.14
- version/arista eos/4.15
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/7-0