CVE-2015-5165

2015-08-1214:59:00

CWE-908

[email protected]

web.nvd.nist.gov

qemu

rtl8139

network card

cve-2015-5165

xen

nvd

security vulnerability

6.5 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

70.9%

JSON

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

CPENameOperatorVersion
xen:xenxenle4.5.0
xen:xenxeneq4.5.1
fedoraproject:fedorafedoraproject fedoraeq22
fedoraproject:fedorafedoraproject fedoraeq21
suse:linux_enterprise_serversuse linux enterprise servereq11
suse:linux_enterprise_serversuse linux enterprise servereq10
suse:linux_enterprise_debuginfosuse linux enterprise debuginfoeq11
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0
redhat:enterprise_linux_for_scientific_computingredhat enterprise linux for scientific computingeq6.0

CPE	Name	Operator	Version
xen:xen	xen	le	4.5.0
xen:xen	xen	eq	4.5.1
fedoraproject:fedora	fedoraproject fedora	eq	22
fedoraproject:fedora	fedoraproject fedora	eq	21
suse:linux_enterprise_server	suse linux enterprise server	eq	11
suse:linux_enterprise_server	suse linux enterprise server	eq	10
suse:linux_enterprise_debuginfo	suse linux enterprise debuginfo	eq	11
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	7.0
redhat:enterprise_linux_for_scientific_computing	redhat enterprise linux for scientific computing	eq	6.0