Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-5166

Опубликовано: 12 авг. 2015
Источник: debian

Описание

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
qemufixed1:2.4+dfsg-1apackage
qemunot-affectedjessiepackage
qemunot-affectedwheezypackage
qemunot-affectedsqueezepackage
qemu-kvmnot-affectedpackage
xenfixed4.4.0-1package
xennot-affectedwheezypackage
xennot-affectedsqueezepackage

Примечания

  • Xen switched to qemu-system in 4.4.0-1

  • pci_piix3_xen_ide_unplug introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=679f4f8b178e7c66fbc2f39c905374ee8663d5d8 (v1.0-rc0)

  • BlockDriverState converted to BlockBackend in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4be746345f13e99e468c60acbd3a355e8183e3ce (v2.2.0-rc0)

  • Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cd387833d05e8ad31829d97e474dc420625aed9 (v2.4.0-rc4)

  • http://xenbits.xen.org/xsa/advisory-139.html

Связанные уязвимости

ubuntu логотип

CVE-2015-5166

ubuntu
больше 10 лет назад

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

redhat логотип

CVE-2015-5166

redhat
больше 10 лет назад

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

nvd логотип

CVE-2015-5166

nvd
больше 10 лет назад

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

github логотип

GHSA-gpg2-4ppg-g82w

github
больше 3 лет назад

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

fstec логотип

BDU:2015-11315

fstec
больше 10 лет назад

Уязвимость гипервизора Xen, позволяющая нарушителю получить привилегии, позволяющие выполнять отключение блочных устройств