Security Bulletin: Vulnerability in qemu-kvm affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance

2018-06-1722:30:14

www.ibm.com

0.003 Low

EPSS

Percentile

71.4%

JSON

Summary

Security Bulletin: Vulnerability in qemu-kvm affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5165).

Vulnerability Details

CVEID: CVE-2015-5165**
DESCRIPTION:** Xen could allow a local attacker to obtain sensitive information, caused by the improper validation of input in the C+ mode offload emulation by the QEMU model of the RTL8139 network card. An attacker could exploit this vulnerability to obtain host-level data.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105254 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance

Remediation/Fixes

If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm service agility accelerator for cloudeq2.1
ibm service agility accelerator for cloudeq2.1.0.1
ibm service agility accelerator for cloudeq2.1.0.2
ibm service agility accelerator for cloudeq2.1.0.3
ibm service agility accelerator for cloudeqany

Name	Operator	Version
ibm service agility accelerator for cloud	eq	2.1
ibm service agility accelerator for cloud	eq	2.1.0.1
ibm service agility accelerator for cloud	eq	2.1.0.2
ibm service agility accelerator for cloud	eq	2.1.0.3
ibm service agility accelerator for cloud	eq	any