CVE-2015-5165
Severity
9.3CRITICAL
EPSS
13.2%
top 5.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 12
Latest updateMay 13
Description
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages15 packages
Also affects: Debian Linux 7.0, 8.0, Fedora 21, 22, Enterprise Linux 6.7, 6.0, 7.0, 6.7_ppc64, 7.1_ppc64, 7.2_ppc64, 7.3_ppc64, 7.4_ppc64, 7.5_ppc64, 7.6_ppc64, 7.7_ppc64, 7.3, 7.4, 7.6, 7.7, 7.1, 7.2, 7.5
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-764w-ch2j-96hf: The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4↗2022-05-13
CVEList▶
CVE-2015-5165: The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4↗2015-08-12
OSV▶
CVE-2015-5165: The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4↗2015-08-12
💥Exploits & PoCs
1📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest [fedora-all]↗2015-08-03
Bugzilla▶
CVE-2015-5165 xen: Qemu: rtl8139 uninitialized heap memory information leakage to guest [fedora-all]↗2015-08-03
Bugzilla▶
CVE-2015-5165 Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)↗2015-07-30