CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
26.7%
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | 21 | cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* |
fedoraproject | fedora | 22 | cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* |
xen | xen | * | cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* |
xen | xen | 4.5.1 | cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html
lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
www.securityfocus.com/bid/76152
www.securitytracker.com/id/1033175
xenbits.xen.org/xsa/advisory-139.html