CVE-2015-5165 - Use of Uninitialized Resource vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-1421-1.NASL
description: Xen was updated to fix the following security issues :
  - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)
  - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (XSA-140, bsc#939712)
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85598
published: 2015-08-24
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85598
title: SUSE SLES11 Security Update : xen (SUSE-SU-2015:1421-1)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2015-1833.NASL
description: Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 86513
published: 2015-10-22
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86513
title: CentOS 6 : qemu-kvm (CESA-2015:1833)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-13404.NASL
description:
  - Fix crash in qemu_spice_create_display (bz #1163047)
  * CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path (bz #1230536)
  * CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728)
  * CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access (bz #1247141)
  * CVE-2015-5745: buffer overflow in virtio-serial (bz #1251160)
  * CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest (bz #1249755)
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2015-09-02
plugin id: 85727
published: 2015-09-02
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/85727
title: Fedora 21 : qemu-2.1.3-9.fc21 (2015-13404)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2015-750.NASL
description: xen was updated to fix 12 security issues. These security issues were fixed :
  - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests (bsc#951845).
  - CVE-2015-7969: Leak of main per-domain vcpu pointer array (DoS) (bsc#950703).
  - CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array (DoS) (bsc#950705).
  - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706).
  - CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267).
  - CVE-2014-0222: Validate L2 table size to avoid integer overflows (bsc#877642).
  - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367).
  - CVE-2015-7311: libxl fails to honour readonly flag on disks with qemu-xen (bsc#947165).
  - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712).
  - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709).
  - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
  - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634).
  These non-security issues were fixed :
  - bsc#907514: Bus fatal error and sles12 sudden reboot has been observed
  - bsc#910258: SLES12 Xen host crashes with FATAL NMI after shutdown of guest with VT-d NIC
  - bsc#918984: Bus fatal error and sles11-SP4 sudden reboot has been observed
  - bsc#923967: Partner-L3: Bus fatal error and sles11-SP3 sudden reboot has been observed
  - bsc#901488: Intel ixgbe driver assigns rx/tx queues per core resulting in irq problems on servers with a large amount of CPU cores
  - bsc#945167: Running command xl pci-assignable-add 03:10.1 secondly show errors
  - bsc#949138: Setting vcpu affinity under Xen causes libvirtd abort
  - bsc#944463: VUL-0: CVE-2015-5239: qemu-kvm: Integer overflow in vnc_client_read() and protocol_client_msg()
  - bsc#944697: VUL-1: CVE-2015-6815: qemu: net: e1000: infinite loop issue
  - bsc#925466: Kdump does not work in a XEN environment
last seen: 2020-06-05
modified: 2015-11-18
plugin id: 86909
published: 2015-11-18
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86909
title: openSUSE Security Update : xen (openSUSE-2015-750)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20150915_QEMU_KVM_ON_SL7_X.NASL
description: An information leak flaw was found in the way QEMU
last seen: 2020-03-18
modified: 2015-09-16
plugin id: 85961
published: 2015-09-16
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85961
title: Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20150915)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-1479-2.NASL
description: xen was updated to fix the following security issues :
  - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140)
  - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139)
  - CVE-2015-2751: Certain domctl operations could have been used to lock up the host (bsc#922709, XSA-127)
  - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137)
  - CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136)
  - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85792
published: 2015-09-04
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85792
title: SUSE SLED11 Security Update : xen (SUSE-SU-2015:1479-2)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20150922_QEMU_KVM_ON_SL6_X.NASL
description: An information leak flaw was found in the way QEMU
last seen: 2020-03-18
modified: 2015-09-23
plugin id: 86101
published: 2015-09-23
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86101
title: Scientific Linux Security Update : qemu-kvm on SL6.x i386/x86_64 (20150922)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3348.NASL
description: Several vulnerabilities were discovered in qemu, a fast processor emulator.
  - CVE-2015-3214 Matt Tait of Google
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85754
published: 2015-09-03
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85754
title: Debian DSA-3348-1 : qemu - security update

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-1408-1.NASL
description: This security update of Xen fixes the following issues :
  - bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139 device model (CVE-2015-5165)
  - bsc#938344: qemu,kvm,xen: host code execution via IDE subsystem CD-ROM (CVE-2015-5154)
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85575
published: 2015-08-21
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85575
title: SUSE SLES11 Security Update : xen (SUSE-SU-2015:1408-1)

NASL family: Misc.
NASL id: CITRIX_XENSERVER_CTX201717.NASL
description: The version of Citrix XenServer running on the remote host is affected by an information disclosure vulnerability due to improper validation of user-supplied input in the C+ mode offload emulation of the RTL8139 network card device model in QEMU. A remote attacker can exploit this to read process heap memory, resulting in the disclosure of sensitive information.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85661
published: 2015-08-27
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/85661
title: Citrix XenServer QEMU RTL8139 Guest Network Device Information Disclosure (CTX201717)

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL63519101.NASL
description:
  CVE-2014-8106 Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-1320.
  CVE-2015-3209 Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
  CVE-2015-5165 The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
  CVE-2015-5279 Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
  CVE-2015-7504 Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
  CVE-2015-7512 Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
  Impact: An attacker may be able to cause a denial of service (DoS) or execute arbitrary code if using the virtual drivers specified in these CVE descriptions.
last seen: 2020-03-17
modified: 2016-02-17
plugin id: 88770
published: 2016-02-17
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/88770
title: F5 Networks BIG-IP : Multiple QEMU vulnerabilities (K63519101)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2015-1793.NASL
description: Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 86512
published: 2015-10-22
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86512
title: CentOS 7 : qemu-kvm (CESA-2015:1793)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2016-0051.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates :
  - kvm-Add-vga.h-unmodified-from-Linux.patch [bz#1331407]
  - kvm-vga.h-remove-unused-stuff-and-reformat.patch [bz#1331407]
  - kvm-vga-use-constants-from-vga.h.patch [bz#1331407]
  - kvm-vga-Remove-some-should-be-done-in-BIOS-comments.patch [bz#1331407]
  - kvm-vga-fix-banked-access-bounds-checking-CVE-2016-3710.patch [bz#1331407]
  - kvm-vga-add-vbe_enabled-helper.patch [bz#1331407]
  - kvm-vga-factor-out-vga-register-setup.patch [bz#1331407]
  - kvm-vga-update-vga-register-setup-on-vbe-changes.patch [bz#1331407]
  - kvm-vga-make-sure-vga-register-setup-for-vbe-stays-intac.patch
  - Resolves: bz#1331407 (EMBARGOED CVE-2016-3710 qemu-kvm: qemu: incorrect banked access bounds checking in vga module [rhel-6.8.z])
  - Revert
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 91316
published: 2016-05-25
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/91316
title: OracleVM 3.4 : qemu-kvm (OVMSA-2016-0051)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_F06F20DC434711E593AD002590263BF5.NASL
description: The Xen Project reports : The QEMU model of the RTL8139 network card did not sufficiently validate inputs in the C+ mode offload emulation. This results in uninitialized memory from the QEMU process
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85486
published: 2015-08-18
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85486
title: FreeBSD : qemu, xen-tools -- QEMU leak of uninitialized heap memory in rtl8139 device model (f06f20dc-4347-11e5-93ad-002590263bf5)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-14361.NASL
description: Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2015-09-02
plugin id: 85728
published: 2015-09-02
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/85728
title: Fedora 23 : xen-4.5.1-6.fc23 (2015-14361)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-1739.NASL
description: Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Virtualization Hypervisor 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 117307
published: 2018-09-06
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/117307
title: RHEL 7 : qemu-kvm-rhev (RHSA-2015:1739)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-1643-1.NASL
description: Xen was updated to fix the following security issues :
  CVE-2015-5154: Host code execution via IDE subsystem CD-ROM. (bsc#938344)
  CVE-2015-3209: Heap overflow in QEMU
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 86203
published: 2015-09-30
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86203
title: SUSE SLES10 Security Update : Xen (SUSE-SU-2015:1643-1)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3349.NASL
description: Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
  - CVE-2015-5165 Donghai Zhu discovered that the QEMU model of the RTL8139 network card did not sufficiently validate inputs in the C+ mode offload emulation, allowing a malicious guest to read uninitialized memory from the QEMU process
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85755
published: 2015-09-03
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85755
title: Debian DSA-3349-1 : qemu-kvm - security update

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-1404-1.NASL
description: This security update of Xen fixes the following issues :
  - bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139 device model (CVE-2015-5165)
  - bsc#939709 (XSA-139): Use after free in QEMU/Xen block unplug protocol (CVE-2015-5166)
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85532
published: 2015-08-19
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85532
title: SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1404-1)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-1793.NASL
description: Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85981
published: 2015-09-17
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85981
title: RHEL 7 : qemu-kvm (RHSA-2015:1793)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2015-1833.NASL
description: From Red Hat Security Advisory 2015:1833 : Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 86095
published: 2015-09-23
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86095
title: Oracle Linux 6 : qemu-kvm (ELSA-2015-1833)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-15946.NASL
description: libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)] ---- update to xen-4.4.3, including Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166], QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2015-09-28
plugin id: 86163
published: 2015-09-28
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/86163
title: Fedora 21 : xen-4.4.3-3.fc21 (2015-15946)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2015-0111.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates in xen
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85236
published: 2015-08-05
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/85236
title: OracleVM 3.3 : xen (OVMSA-2015-0111)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2015-0112.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates in xen.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85237
published: 2015-08-05
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/85237
title: OracleVM 3.2 : xen (OVMSA-2015-0112)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-479.NASL
description: This security update fixes a number of security issues in Xen in wheezy. For Debian 7
last seen: 2020-03-17
modified: 2016-05-18
plugin id: 91198
published: 2016-05-18
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/91198
title: Debian DLA-479-1 : xen security update

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2015-729.NASL
description: xen was updated to fix 13 security issues. These security issues were fixed :
  - CVE-2015-7972: Populate-on-demand balloon size inaccuracy can crash guests (bsc#951845).
  - CVE-2015-7969: Leak of main per-domain vcpu pointer array (DoS) (bsc#950703).
  - CVE-2015-7969: Leak of per-domain profiling-related vcpu pointer array (DoS) (bsc#950705).
  - CVE-2015-7971: Some pmu and profiling hypercalls log without rate limiting (bsc#950706).
  - CVE-2015-4037: Insecure temporary file use in /net/slirp.c (bsc#932267).
  - CVE-2014-0222: Validate L2 table size to avoid integer overflows (bsc#877642).
  - CVE-2015-7835: Uncontrolled creation of large page mappings by PV guests (bsc#950367).
  - CVE-2015-7311: libxl fails to honour readonly flag on disks with qemu-xen (bsc#947165).
  - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712).
  - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709).
  - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463).
  - CVE-2015-6815: e1000: infinite loop issue (bsc#944697).
  - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344).
  This non-security issue was fixed :
  - bsc#941074: VmError: Device 51728 (vbd) could not be connected. Hotplug scripts not working.
last seen: 2020-06-05
modified: 2015-11-13
plugin id: 86863
published: 2015-11-13
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86863
title: openSUSE Security Update : xen (openSUSE-2015-729)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-1479-1.NASL
description: xen was updated to fix the following security issues :
  - CVE-2015-5165: QEMU leak of uninitialized heap memory in rtl8139 device model (bsc#939712, XSA-140)
  - CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol (bsc#939709, XSA-139)
  - CVE-2015-2751: Certain domctl operations could have been used to lock up the host (bsc#922709, XSA-127)
  - CVE-2015-3259: xl command line config handling stack overflow (bsc#935634, XSA-137)
  - CVE-2015-4164: DoS through iret hypercall handler (bsc#932996, XSA-136)
  - CVE-2015-5154: Host code execution via IDE subsystem CD-ROM (bsc#938344)
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85791
published: 2015-09-04
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85791
title: SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1479-1)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-1833.NASL
description: Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 86098
published: 2015-09-23
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86098
title: RHEL 6 : qemu-kvm (RHSA-2015:1833)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2724-1.NASL
description:
  It was discovered that QEMU incorrectly handled a PRDT with zero complete sectors in the IDE functionality. A malicious guest could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9718)
  Donghai Zhu discovered that QEMU incorrectly handled the RTL8139 driver. A malicious guest could possibly use this issue to read sensitive information from arbitrary host memory. (CVE-2015-5165)
  Donghai Zhu discovered that QEMU incorrectly handled unplugging emulated block devices. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 15.04. (CVE-2015-5166)
  Qinghao Tang and Mr. Zuozhi discovered that QEMU incorrectly handled memory in the VNC display driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 15.04. (CVE-2015-5225)
  It was discovered that QEMU incorrectly handled the virtio-serial device. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-5745).
  Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85683
published: 2015-08-28
reporter: Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85683
title: Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : qemu, qemu-kvm vulnerabilities (USN-2724-1)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-1740.NASL
description: Updated qemu-kvm-rhev packages that fix one security issue and one bug are now available for Red Hat Enterprise Virtualization. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. An information leak flaw was found in the way QEMU
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 86000
published: 2015-09-18
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86000
title: RHEL 6 : qemu-kvm-rhev (RHSA-2015:1740)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2015-1793.NASL
description: From Red Hat Security Advisory 2015:1793 : Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85959
published: 2015-09-16
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85959
title: Oracle Linux 7 : qemu-kvm (ELSA-2015-1793)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-13402.NASL
description:
  - Rebased to version 2.3.1
  - Fix crash in qemu_spice_create_display (bz #1163047)
  - Fix qemu-img map crash for unaligned image (bz #1229394)
  - CVE-2015-3209: pcnet: multi-tmd buffer overflow in the tx path (bz #1230536)
  - CVE-2015-3214: i8254: out-of-bounds memory access (bz #1243728)
  - CVE-2015-5158: scsi stack-based buffer overflow (bz #1246025)
  - CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access (bz #1247141)
  - CVE-2015-5166: BlockBackend object use after free issue (bz #1249758)
  - CVE-2015-5745: buffer overflow in virtio-serial (bz #1251160)
  - CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest (bz #1249755)
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2015-08-18
plugin id: 85480
published: 2015-08-18
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/85480
title: Fedora 22 : qemu-2.3.1-1.fc22 (2015-13402)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-15944.NASL
description: libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)] ---- Use after free in QEMU/Xen block unplug protocol [XSA-139, CVE-2015-5166] QEMU leak of uninitialized heap memory in rtl8139 device model [XSA-140, CVE-2015-5165]
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2015-09-28
plugin id: 86162
published: 2015-09-28
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/86162
title: Fedora 22 : xen-4.5.1-8.fc22 (2015-15944)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2015-13358.NASL
description:
  - Rebased to version 2.4.0
  * Support for virtio-gpu, 2D only
  * Support for virtio-based keyboard/mouse/tablet emulation
  * x86 support for memory hot-unplug
  - ACPI v5.1 table support for
last seen: 2020-06-05
modified: 2015-08-24
plugin id: 85592
published: 2015-08-24
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/85592
title: Fedora 23 : qemu-2.4.0-1.fc23 (2015-13358)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2015-1384-1.NASL
description: This security update of Xen fixes the following issues :
  - bsc#939712 (XSA-140): QEMU leak of uninitialized heap memory in rtl8139 device model (CVE-2015-5165)
  - bsc#939709 (XSA-139): Use after free in QEMU/Xen block unplug protocol (CVE-2015-5166)
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 85505
published: 2015-08-18
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85505
title: SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2015:1384-1)
References
- http://xenbits.xen.org/xsa/advisory-140.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/76153
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
- http://support.citrix.com/article/CTX201717
- http://rhn.redhat.com/errata/RHSA-2015-1833.html
- http://rhn.redhat.com/errata/RHSA-2015-1793.html
- http://rhn.redhat.com/errata/RHSA-2015-1740.html
- http://rhn.redhat.com/errata/RHSA-2015-1739.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html
- http://www.securitytracker.com/id/1033176
- http://rhn.redhat.com/errata/RHSA-2015-1683.html
- http://rhn.redhat.com/errata/RHSA-2015-1674.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
- http://www.debian.org/security/2015/dsa-3349
- http://www.debian.org/security/2015/dsa-3348
- https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13