CVE-2015-5154

General

Score: 7.2/10.0
Severity: Medium
Category: Buffer Error

Impact Metrics

Confidentiality: Complete
Integrity: Complete
Availability: Complete

Exploitability Metrics

Access Vector: Local
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2014-7815, CVE-2015-2751, CVE-2015-3209, CVE-2015-3214, CVE-2015-3259, CVE-2015-4106, CVE-2015-4164, CVE-2015-5158, CVE-2015-5165, CVE-2015-5166, CVE-2015-5225, CVE-2015-5239, CVE-2015-5278, CVE-2015-5279, CVE-2015-5307, CVE-2015-5745, CVE-2015-6815, CVE-2015-6855, CVE-2015-7311, CVE-2015-7504, CVE-2015-7835, CVE-2015-8104, CVE-2015-8339, CVE-2015-8340, CVE-2015-8341, CVE-2015-8345

Published on 12/08/15 - Updated on 28/12/17

Description

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability Database CVE-2015-5154
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-319, CERTFR-2015-AVI-320
Arch Linux ASA-201507-21
CentOS CESA-2015:1507
Debian DSA-3348-1
Oracle Linux ELSA-2015-1507
Red Hat RHSA-2015:1507, RHSA-2015:1512
SUSE SUSE-SU-2015:1299, SUSE-SU-2015:1302, SUSE-SU-2015:1408, SUSE-SU-2015:1409, SUSE-SU-2015:1421, SUSE-SU-2015:1426, SUSE-SU-2015:1455, SUSE-SU-2015:1472, SUSE-SU-2015:1479, SUSE-SU-2015:1643, SUSE-SU-2015:1782, SUSE-SU-2015:2324
Ubuntu USN-2692-1

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor          Product
fedoraproject   fedora
qemu            qemu
suse            linux_enterprise_debuginfo
suse            linux_enterprise_desktop
suse            linux_enterprise_server
suse            linux_enterprise_software_development_kit
xen             xen
