CVE-2015-5165

Publication date 12 August 2015

Last updated 24 July 2024

Ubuntu priority

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
qemu	15.04 vivid	Fixed 1:2.2+dfsg-5expubuntu9.4
	14.10 utopic	Ignored end of life
	14.04 LTS trusty	Fixed 2.0.0+dfsg-2ubuntu1.17
	12.04 LTS precise	Not in release
qemu-kvm	15.04 vivid	Not in release
	14.10 utopic	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Fixed 1.0+noroms-0ubuntu14.24
xen	15.04 vivid	Not affected
	14.10 utopic	Ignored end of life
	14.04 LTS trusty	Fixed 4.4.2-0ubuntu0.14.04.2
	12.04 LTS precise	Fixed 4.1.6.1-0ubuntu0.12.04.6

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
qemu	Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=39b8e7dcaf04cbdb926b478f825b160d852752b5 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=d6812d60e7932de3cd0f602c0ee63dd3d09f1847 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=e1c120a9c54872f8a538ff9129d928de4e865cbd Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=03247d43c577dfea8181cd40177ad5ba77c8db76 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=c6296ea88df040054ccd781f3945fe103f8c7c17 Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=4240be45632db7831129f124bcf53c1223825b0f Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=8357946b15f0a31f73dd691b7da95f29318ed310

Package

Patch details

qemu

References

Related Ubuntu Security Notices (USN)

USN-2724-1
QEMU vulnerabilities
27 August 2015

CVE-2015-5165

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references