Vulnerability Details : CVE-2015-5166
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Vulnerability category: Memory Corruption
Products affected by CVE-2015-5166
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5166
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~25% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-5166
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2015-5166
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5166
- http://xenbits.xen.org/xsa/advisory-139.html
  XSA-139 - Xen Security Advisories (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/76152
  Xen CVE-2015-5166 Local Privilege Escalation Vulnerability
- http://www.securitytracker.com/id/1033175
  Xen QEMU Block Unplug Protocol Use-After-Free Lets Local Users on a Guest System Gain Elevated Privileges on the Host System - SecurityTracker
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html
  [SECURITY] Fedora 23 Update: xen-4.5.1-6.fc23
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
  [SECURITY] Fedora 22 Update: xen-4.5.1-8.fc22
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
  [SECURITY] Fedora 21 Update: xen-4.4.3-3.fc21