CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Published: Aug 12, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-5154
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
xen / xen	-	4.5.0.x
xen / xen	4.5.1	4.5.1.x
suse / linux_enterprise_server	11-sp4	11-sp4.x
suse / linux_enterprise_desktop	11-sp4	11-sp4.x
suse / linux_enterprise_software_development_kit	12	12.x
suse / linux_enterprise_software_development_kit	11-sp4	11-sp4.x
suse / linux_enterprise_desktop	12	12.x
suse / linux_enterprise_debuginfo	11-sp4	11-sp4.x
suse / suse_linux_enterprise_server	12	12.x
fedoraproject / fedora	22	22.x
fedoraproject / fedora	23	23.x
fedoraproject / fedora	21	21.x
qemu / qemu	-	2.3.0.x

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html
http://rhn.redhat.com/errata/RHSA-2015-1507.html
http://rhn.redhat.com/errata/RHSA-2015-1508.html
http://rhn.redhat.com/errata/RHSA-2015-1512.html
http://support.citrix.com/article/CTX201593
http://www.debian.org/security/2015/dsa-3348
http://www.securityfocus.com/bid/76048
http://www.securitytracker.com/id/1033074
http://xenbits.xen.org/xsa/advisory-138.html
https://security.gentoo.org/glsa/201510-02
https://security.gentoo.org/glsa/201604-03

Vulnerability Database

289,599

CVE-2015-5154