CVE-2015-5154

CWE-119Buffer Overflow12 documents8 sources
Severity
7.2HIGH
EPSS
0.4%
top 40.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Qemu QemuXEN XENFedoraproject Fedora+5 more
Timeline
PublishedAug 12
Latest updateMay 14

Description

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages9 packages

Debianqemu< 1:2.4+dfsg-1a+3
NVDqemu/qemu2.3.0
Debianxen< 4.4.0-1+3
NVDxen/xen4.5.0+1

Also affects: Fedora 21, 22, 23

Patches

Patch: xenbits.xen.orgPatch: xenbits.xen.org

🔴Vulnerability Details

4
GHSA
GHSA-j9wc-jv66-352g: Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 42022-05-14
OSV
CVE-2015-5154: Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 42015-08-12
CVEList
CVE-2015-5154: Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 42015-08-12
OSV
qemu vulnerabilities2015-07-28

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2015-07-28
Red Hat
qemu: ide: atapi: heap overflow during I/O buffer memory access2015-07-27
Debian
CVE-2015-5154: qemu - Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x an...2015

💬Community

4
Bugzilla
CVE-2015-5154 xen: qemu: ide: atapi: heap overflow during I/O buffer memory access [fedora-all]2015-07-27
Bugzilla
CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access [fedora-all]2015-07-27
Bugzilla
CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access [epel-7]2015-07-27
Bugzilla
CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access2015-07-15
CVE-2015-5154 (HIGH CVSS 7.2) | Heap-based buffer overflow in the I | cvebase.io