Vulnerability in Arista Eos

CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

EPSS: 0.129 (94.2th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

  • RHSA-2015:1674 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory, Issue Tracking)
  • 1033176 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
  • SUSE-SU-2015:1643 (vendor-advisory, Mailing List, Third Party Advisory, Issue Tracking, x_refsource_SUSE)
  • DSA-3348 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
  • secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
  • secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Broken Link)
  • RHSA-2015:1683 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory, Issue Tracking)
  • RHSA-2015:1793 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory, Issue Tracking)
  • DSA-3349 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
  • FEDORA-2015-15944 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory, Issue Tracking)

Frequently asked questions

What is CVE-2015-5165?
CVE-2015-5165 is a vulnerability in Arista Eos, classified under Use of Uninitialized Resource. Published 2015-08-12.
Is CVE-2015-5165 known to be exploited?
8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.