CVE-2015-5165

NameCVE-2015-5165
DescriptionThe C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-479-1, DSA-3348-1, DSA-3349-1
NVD severitymedium (attack range: remote)
Debian Bugs794610

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)wheezy1.1.2+dfsg-6a+deb7u12fixed
wheezy (security)1.1.2+dfsg-6+deb7u24fixed
jessie (security), jessie1:2.1+dfsg-12+deb8u6fixed
stretch1:2.8+dfsg-6+deb9u2fixed
stretch (security)1:2.8+dfsg-6+deb9u3fixed
buster, sid1:2.10.0+dfsg-2fixed
qemu-kvm (PTS)wheezy1.1.2+dfsg-6+deb7u12fixed
wheezy (security)1.1.2+dfsg-6+deb7u24fixed
xen (PTS)wheezy4.1.4-3+deb7u9vulnerable
wheezy (security)4.1.6.lts1-10fixed
jessie4.4.1-9+deb8u9fixed
jessie (security)4.4.1-9+deb8u10fixed
buster, stretch (security), stretch, sid4.8.1-1+deb9u3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemusource(unstable)1:2.4+dfsg-1amedium794610
qemusourcejessie1:2.1+dfsg-12+deb8u2mediumDSA-3348-1
qemusourcesqueeze(unfixed)end-of-life
qemusourcewheezy1.1.2+dfsg-6a+deb7u9medium
qemu-kvmsource(unstable)(unfixed)medium
qemu-kvmsourcesqueeze(unfixed)end-of-life
qemu-kvmsourcewheezy1.1.2+dfsg-6+deb7u9mediumDSA-3349-1
xensource(unstable)4.4.0-1medium
xensourcesqueeze(unfixed)end-of-life
xensourcewheezy4.1.6.1-1+deb7u1mediumDLA-479-1

Notes

[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
[wheezy] - xen <no-dsa> (Too intrusive to backport)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
Xen switched to qemu-system in 4.4.0-1
http://xenbits.xen.org/xsa/advisory-140.html
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=39b8e7dcaf04cbdb926b478f825b160d852752b5
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d6812d60e7932de3cd0f602c0ee63dd3d09f1847
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e1c120a9c54872f8a538ff9129d928de4e865cbd
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=03247d43c577dfea8181cd40177ad5ba77c8db76
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c6296ea88df040054ccd781f3945fe103f8c7c17
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4240be45632db7831129f124bcf53c1223825b0f
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=8357946b15f0a31f73dd691b7da95f29318ed310

Search for package or bug name: Reporting problems