Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2015-5166

Published: 12/08/2015 Updated: 30/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Fedora

Vulnerability Summary

Use-after-free vulnerability in QEMU in Xen 4.5.x and previous versions does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fedoraproject fedora 21

fedoraproject fedora 22

xen xen

xen xen 4.5.1

Vendor Advisories

Ubuntu Security Notice: qemu, qemu-kvm vulnerabilities
Several security issues were fixed in QEMU ...
Debian CVElist Bug Report Logs: qemu: CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol
Debian Bug report logs - #794611 qemu: CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Aug 2015 20:27:02 UTC Severity: important ...
Debian CVElist Bug Report Logs: qemu: CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access
Debian Bug report logs - #793811 qemu: CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 27 Jul 2015 18:12:02 UTC Severity: g ...
Debian CVElist Bug Report Logs: qemu: CVE-2015-3214: i8254: out-of-bounds memory access in pit_ioport_read function
Debian Bug report logs - #795461 qemu: CVE-2015-3214: i8254: out-of-bounds memory access in pit_ioport_read function Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 14 Aug 2015 08:12:10 UTC Severi ...
Debian CVElist Bug Report Logs: qemu: CVE-2015-5158: scsi stack buffer overflow
Debian Bug report logs - #793388 qemu: CVE-2015-5158: scsi stack buffer overflow Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 23 Jul 2015 15:06:03 UTC Severity: important Tags: patch, security, ...
Debian CVElist Bug Report Logs: qemu: CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest
Debian Bug report logs - #794610 qemu: CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 4 Aug 2015 20:24:02 UTC Severi ...
Debian CVElist Bug Report Logs: qemu: CVE-2015-5745: buffer overflow in virtio-serial
Debian Bug report logs - #795087 qemu: CVE-2015-5745: buffer overflow in virtio-serial Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 10 Aug 2015 13:24:06 UTC Severity: normal Tags: fixed-upstrea ...
Debian CVElist Bug Report Logs: qemu: CVE-2015-5225: ui: vnc: heap memory corruption in vnc_refresh_server_surface
Debian Bug report logs - #796465 qemu: CVE-2015-5225: ui: vnc: heap memory corruption in vnc_refresh_server_surface Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 21 Aug 2015 22:12:02 UTC Severit ...
Red Hat: CVE-2015-5166
A flaw has been found in the QEMU emulator built with IDE Emulation PCI PIIX3/4 support; the emulator is vulnerable to a use-after-free flaw, while writing data to an I/O port inside a guest This issue is specific to the Xen platform A privileged(CAP_SYS_RAWIO) guest user on the Xen platform could use this flaw to crash the QEMU instance or attem ...

Recent Articles

QEMU may be fro-Xen out after two new bugs emerge
The Register • Simon Sharwood • 04 Aug 2015

Five guest-host escalation SNAFUs might be stretching the virtual friendship

The Xen project has revealed another two bugs in the QEMU hypervisor and is now wondering the extent to which it should support the buggy code. The first of the flaws, CVE-2015-5165, means “A guest may be able to read sensitive host-level data relating to itself which resides in the QEMU process” and impacts “All Xen systems running x86 HVM guests without stubdomains which have been configured with an emulated RTL8139 driver mode”. There's a workaround and the Xen team are asking you to ...

Read more...

References

CWE-264http://xenbits.xen.org/xsa/advisory-139.htmlhttp://www.securitytracker.com/id/1033175http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.htmlhttp://www.securityfocus.com/bid/76152http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.htmlhttps://usn.ubuntu.com/2724-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-5166
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661open redirectCVE-2024-25512CVE-2024-33788command injectionSSTICVE-2024-0043CVE-2024-29210CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook