Lucene search

[email protected]CVE-2015-5166

HistoryAug 12, 2015 - 2:59 p.m.

CVE-2015-5166

2015-08-1214:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve

2015

5166

use-after-free

vulnerability

qemu

xen

hvm

guest

privileges

local

6.3 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.6%

JSON

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq22
fedoraproject:fedorafedoraproject fedoraeq21
xen:xenxenle4.5.0
xen:xenxeneq4.5.1

CPE	Name	Operator	Version
fedoraproject:fedora	fedoraproject fedora	eq	22
fedoraproject:fedora	fedoraproject fedora	eq	21
xen:xen	xen	le	4.5.0
xen:xen	xen	eq	4.5.1

References

lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html

lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html

www.securityfocus.com/bid/76152

www.securitytracker.com/id/1033175

xenbits.xen.org/xsa/advisory-139.html

6.3 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.6%

JSON

Related for CVE-2015-5166

xen1 nessus14 prion1 ubuntucve1 debiancve1 f51 freebsd1 fedora5 openvas10 securityvulns2 ubuntu1 arista1 suse4 mageia1