CVE-2015-5166
Published: 12 August 2015
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Notes
| Author | Note |
|---|---|
| mdeslaur | precise and trusty don't look affected |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
qemu Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Released
(1:2.2+dfsg-5expubuntu9.4)
|
|
|
Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=6cd387833d05e8ad31829d97e474dc420625aed9 |
||
|
qemu-kvm Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(code not present)
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
|
xen Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(code not present)
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Needs triage
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Not vulnerable
(code not present)
|
|
| Binaries built from this source package are in Universe and so are supported by the community. | ||