Lucene search

RedhatCVE-2015-5154

HistoryAug 12, 2015 - 2:59 p.m.

CVE-2015-5154

2015-08-1214:59:23

CWE-119

redhat

web.nvd.nist.gov

cve

2015

5154

heap-based buffer overflow

qemu

ide

subsystem

xen

cdrom drive

atapi commands

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

41.8%

JSON

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Affected configurations

Nvd

Node

xenxenRange≤4.5.0

xenxenMatch4.5.1

Node

suselinux_enterprise_debuginfoMatch11sp4

suselinux_enterprise_desktopMatch11sp4

suselinux_enterprise_desktopMatch12

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_software_development_kitMatch11sp4

suselinux_enterprise_software_development_kitMatch12

susesuse_linux_enterprise_serverMatch12

Node

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

fedoraprojectfedoraMatch23

Node

qemuqemuRange≤2.3.0

VendorProductVersionCPE
xenxen*cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
xenxen4.5.1cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*
suselinux_enterprise_debuginfo11cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
suselinux_enterprise_desktop11cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
suselinux_enterprise_desktop12cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
suselinux_enterprise_server11cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
suselinux_enterprise_software_development_kit11cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
suselinux_enterprise_software_development_kit12cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*
susesuse_linux_enterprise_server12cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
fedoraprojectfedora21cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xen	xen	*	cpe:2.3:o:xen:xen::::::::
xen	xen	4.5.1	cpe:2.3:o:xen:xen:4.5.1:::::::*
suse	linux_enterprise_debuginfo	11	cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
suse	linux_enterprise_desktop	11	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::
suse	linux_enterprise_desktop	12	cpe:2.3:o:suse:linux_enterprise_desktop:12:::::::*
suse	linux_enterprise_server	11	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
suse	linux_enterprise_software_development_kit	11	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::
suse	linux_enterprise_software_development_kit	12	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:::::::*
suse	suse_linux_enterprise_server	12	cpe:2.3:o:suse:suse_linux_enterprise_server:12:::::::*
fedoraproject	fedora	21	cpe:2.3:o:fedoraproject:fedora:21:::::::*