Security Bulletin: Vulnerability in qemu-kvm affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5165).
CVEID: CVE-2015-5165**
DESCRIPTION:** Xen could allow a local attacker to obtain sensitive information, caused by the improper validation of input in the C+ mode offload emulation by the QEMU model of the RTL8139 network card. An attacker could exploit this vulnerability to obtain host-level data.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105254 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance
If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.
None