Vulnerability Details : CVE-2015-5154
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2015-5154
- cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5154
- EPSS score: 0.39% (probability of exploitation activity in the next 30 days)
- Percentile: ~58% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-5154
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2015-5154
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5154
- http://rhn.redhat.com/errata/RHSA-2015-1508.html
  RHSA-2015:1508 - Security Advisory - Red Hat Customer Portal
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
  [security-announce] SUSE-SU-2015:1643-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html
  [security-announce] SUSE-SU-2015:1426-1: important: Security update for
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html
  [SECURITY] Fedora 23 Update: xen-4.5.1-5.fc23 (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html
  [SECURITY] Fedora 21 Update: xen-4.4.2-9.fc21 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html
  [security-announce] SUSE-SU-2015:1455-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html
  [security-announce] SUSE-SU-2015:1409-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html
  [security-announce] SUSE-SU-2015:1302-1: important: Security update for (Third Party Advisory)
- http://xenbits.xen.org/xsa/advisory-138.html
  XSA-138 - Xen Security Advisories (Patch; Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html
  [SECURITY] Fedora 22 Update: xen-4.5.1-5.fc22 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
  [security-announce] SUSE-SU-2015:1782-1: important: Security update for
- https://security.gentoo.org/glsa/201604-03
  Xen: Multiple vulnerabilities (GLSA 201604-03) — Gentoo security
- http://www.debian.org/security/2015/dsa-3348
  Debian -- Security Information -- DSA-3348-1 qemu
- http://www.securityfocus.com/bid/76048
  QEMU CVE-2015-5154 Heap Based Buffer Overflow Vulnerability
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html
  [security-announce] SUSE-SU-2015:1299-1: important: Security update for (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1507.html
  RHSA-2015:1507 - Security Advisory - Red Hat Customer Portal
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
  [security-announce] SUSE-SU-2015:1421-1: important: Security update for
- http://rhn.redhat.com/errata/RHSA-2015-1512.html
  RHSA-2015:1512 - Security Advisory - Red Hat Customer Portal
- http://www.securitytracker.com/id/1033074
  QEMU IDE Heap Overflow Lets Local Users on a Guest System Gain Elevated Privileges on the Host System - SecurityTracker
- http://support.citrix.com/article/CTX201593
  Third Party Advisory
- https://security.gentoo.org/glsa/201510-02
  QEMU: Arbitrary code execution (GLSA 201510-02) — Gentoo security (Third Party Advisory)