CVE-2015-5165

Qemu: rtl8139 uninitialized heap memory information leakage to guest (XSA-140)

  • Severity Score: 9.3 (CVSS v2)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory.

*Credits: N/A

CVSS Scores
  • Attack Vector: Network; Attack Complexity: Medium; Authentication: None; Confidentiality: Complete; Integrity: Complete; Availability: Complete
  • Attack Vector: Adjacent; Attack Complexity: Low; Authentication: None; Confidentiality: Partial; Integrity: None; Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2015-07-01 CVE Reserved
  • 2015-08-12 CVE Published
  • 2023-03-30 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-456: Missing Initialization of a Variable
  • CWE-908: Use of Uninitialized Resource
CAPEC
References (21)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Xen | Xen | <= 4.5.0 | - | Affected
Xen | Xen | 4.5.1 | - | Affected
Fedoraproject | Fedora | 21 | - | Affected
Fedoraproject | Fedora | 22 | - | Affected
Suse | Linux Enterprise Debuginfo | 11 | sp1 | Affected
Suse | Linux Enterprise Server | 10 | sp4, ltss | Affected
Suse | Linux Enterprise Server | 11 | sp1, ltss | Affected
Debian | Debian Linux | 7.0 | - | Affected
Debian | Debian Linux | 8.0 | - | Affected
Redhat | Openstack | 5.0 | - | Affected
Redhat | Openstack | 6.0 | - | Affected
Redhat | Virtualization | 3.0 | - | Affected
Redhat | Enterprise Linux Compute Node Eus | 7.1 | - | Affected
Redhat | Enterprise Linux Compute Node Eus | 7.2 | - | Affected
Redhat | Enterprise Linux Compute Node Eus | 7.3 | - | Affected
Redhat | Enterprise Linux Compute Node Eus | 7.4 | - | Affected
Redhat | Enterprise Linux Compute Node Eus | 7.5 | - | Affected
Redhat | Enterprise Linux Compute Node Eus | 7.6 | - | Affected
Redhat | Enterprise Linux Compute Node Eus | 7.7 | - | Affected
Redhat | Enterprise Linux Desktop | 6.0 | - | Affected
Redhat | Enterprise Linux Eus | 6.7 | - | Affected
Redhat | Enterprise Linux Eus Compute Node | 6.7 | - | Affected
Redhat | Enterprise Linux For Power Big Endian | 6.0 | - | Affected
Redhat | Enterprise Linux For Power Big Endian | 7.0 | - | Affected
Redhat | Enterprise Linux For Power Big Endian Eus | 6.7_ppc64 | - | Affected
Redhat | Enterprise Linux For Power Big Endian Eus | 7.1_ppc64 | - | Affected
Redhat | Enterprise Linux For Power Big Endian Eus | 7.2_ppc64 | - | Affected
Redhat | Enterprise Linux For Power Big Endian Eus | 7.3_ppc64 | - | Affected
Redhat | Enterprise Linux For Power Big Endian Eus | 7.4_ppc64 | - | Affected
Redhat | Enterprise Linux For Power Big Endian Eus | 7.5_ppc64 | - | Affected
Redhat | Enterprise Linux For Power Big Endian Eus | 7.6_ppc64 | - | Affected
Redhat | Enterprise Linux For Power Big Endian Eus | 7.7_ppc64 | - | Affected
Redhat | Enterprise Linux For Scientific Computing | 6.0 | - | Affected
Redhat | Enterprise Linux For Scientific Computing | 7.0 | - | Affected
Redhat | Enterprise Linux Server | 6.0 | - | Affected
Redhat | Enterprise Linux Server | 7.0 | - | Affected
Redhat | Enterprise Linux Server Aus | 7.3 | - | Affected
Redhat | Enterprise Linux Server Aus | 7.4 | - | Affected
Redhat | Enterprise Linux Server Aus | 7.6 | - | Affected
Redhat | Enterprise Linux Server Aus | 7.7 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.1 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.2 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.3 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.4 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.5 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.6 | - | Affected
Redhat | Enterprise Linux Server Eus | 7.7 | - | Affected
Redhat | Enterprise Linux Server Eus From Rhui | 6.7 | - | Affected
Redhat | Enterprise Linux Server From Rhui | 6.0 | - | Affected
Redhat | Enterprise Linux Server From Rhui | 7.0 | - | Affected
Redhat | Enterprise Linux Server Tus | 7.3 | - | Affected
Redhat | Enterprise Linux Server Tus | 7.6 | - | Affected
Redhat | Enterprise Linux Server Tus | 7.7 | - | Affected
Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.2 | - | Affected
Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.3 | - | Affected
Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.4 | - | Affected
Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.6 | - | Affected
Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.7 | - | Affected
Redhat | Enterprise Linux Workstation | 6.0 | - | Affected
Redhat | Enterprise Linux Workstation | 7.0 | - | Affected
Arista | Eos | 4.12 | - | Affected
Arista | Eos | 4.13 | - | Affected
Arista | Eos | 4.14 | - | Affected
Arista | Eos | 4.15 | - | Affected
Oracle | Linux | 7 | 0 | Affected