CVE-2015-5166 — Use After Free in Qemu

CWE-264 CWE-416 — Use After Free10 documents7 sources

Severity

7.2HIGHNVD

OSV4.9

EPSS

0.1%

top 78.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qemu XEN Debian Qemu +2 more

Timeline

PublishedAug 12

Latest updateMay 14

Description

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages6 packages

▶debiandebian/qemu< qemu 1:2.4+dfsg-1a (bookworm)

▶Debianqemu/qemu< 1:2.4+dfsg-1a+3

▶Ubuntuqemu/qemu< 2.0.0+dfsg-2ubuntu1.17

▶debiandebian/xen< qemu 1:2.4+dfsg-1a (bookworm)

▶Debianxen/xen< 4.4.0-1+3

Also affects: Fedora 21, 22

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-gpg2-4ppg-g82w: Use-after-free vulnerability in QEMU in Xen 4↗2022-05-14

▶

OSV

qemu, qemu-kvm vulnerabilities↗2015-08-27

▶

OSV

CVE-2015-5166: Use-after-free vulnerability in QEMU in Xen 4↗2015-08-12

▶

📋Vendor Advisories

Ubuntu

QEMU vulnerabilities↗2015-08-27

▶

Red Hat

Qemu: BlockBackend object use after free issue (XSA-139)↗2015-08-03

▶

Debian

CVE-2015-5166: qemu - Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completel...↗2015

▶

💬Community

Bugzilla

CVE-2015-5166 xen: Qemu: BlockBackend object use after free issue [fedora-all]↗2015-08-03

▶

Bugzilla

CVE-2015-5166 Qemu: BlockBackend object use after free issue [fedora-all]↗2015-08-03

▶

Bugzilla

CVE-2015-5166 Qemu: BlockBackend object use after free issue (XSA-139)↗2015-07-31

▶