CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

Weakness

The product uses or accesses a resource that has not been initialized.

Affected Software

Name	Vendor	Start Version	End Version
Xen	Xen	*	4.5.0 (including)
Xen	Xen	4.5.1 (including)	4.5.1 (including)

Potential Mitigations

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html
http://rhn.redhat.com/errata/RHSA-2015-1674.html
http://rhn.redhat.com/errata/RHSA-2015-1683.html
http://rhn.redhat.com/errata/RHSA-2015-1739.html
http://rhn.redhat.com/errata/RHSA-2015-1740.html
http://rhn.redhat.com/errata/RHSA-2015-1793.html
http://rhn.redhat.com/errata/RHSA-2015-1833.html
http://support.citrix.com/article/CTX201717
http://www.debian.org/security/2015/dsa-3348
http://www.debian.org/security/2015/dsa-3349
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/76153
http://www.securitytracker.com/id/1033176
http://xenbits.xen.org/xsa/advisory-140.html
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-5165
CWE	https://cwe.mitre.org/data/definitions/908.html

Use of Uninitialized Resource

Weakness

Affected Software

Potential Mitigations

References