CVE-2015-5165

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Information Leak / Disclosure

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2010-0431, CVE-2010-2784, CVE-2011-0011, CVE-2011-1750, CVE-2011-1751, CVE-2011-2212, CVE-2011-2527, CVE-2011-4111, CVE-2011-4127, CVE-2012-0029, CVE-2012-2652, CVE-2012-3515, CVE-2012-6075, CVE-2013-2007, CVE-2013-2231, CVE-2013-4148, CVE-2013-4151, CVE-2013-4344, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0150, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223, CVE-2014-2894, CVE-2014-3461, CVE-2014-3640, CVE-2014-7815, CVE-2014-7840, CVE-2014-8106, CVE-2014-9718, CVE-2015-2751, CVE-2015-2752, CVE-2015-2756, CVE-2015-3209, CVE-2015-3214, CVE-2015-3259, CVE-2015-3456, CVE-2015-4164, CVE-2015-5154, CVE-2015-5166, CVE-2015-5225, CVE-2015-5279, CVE-2015-5307, CVE-2015-5745, CVE-2015-7512, CVE-2015-7969, CVE-2015-7970, CVE-2015-7971, CVE-2015-7972, CVE-2015-8104, CVE-2015-8339, CVE-2015-8340, CVE-2015-8550, CVE-2015-8554, CVE-2015-8555, CVE-2015-8615, CVE-2016-1570, CVE-2016-1571, CVE-2016-1714, CVE-2016-2270, CVE-2016-2271, CVE-2016-2857, CVE-2016-3710, CVE-2016-3712, CVE-2016-5403, CVE-2017-2615, CVE-2017-2620

Published on 12/08/15 - Updated on 04/11/17

Description

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability DatabaseCVE-2015-5165
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-325, CERTFR-2015-AVI-360, CERTFR-2015-AVI-442
CentOS CESA-2015:1793, CESA-2015:1833
Debian DSA-3348-1, DSA-3349-1
Debian LTSDLA-479-1
Oracle Linux ELSA-2015-1793, ELSA-2015-1833, ELSA-2016-0997, ELSA-2017-0621
Redhat RHSA-2015:1674, RHSA-2015:1683, RHSA-2015:1718, RHSA-2015:1793, RHSA-2015:1833
SUSE SUSE-SU-2015:1384, SUSE-SU-2015:1404, SUSE-SU-2015:1408, SUSE-SU-2015:1421, SUSE-SU-2015:1479, SUSE-SU-2015:1643
Ubuntu USN-2724-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
fedoraprojectfedora
xenxen

Share this vulnerability with:

Twitter Facebook LinkedIn Mail