CVE-2015-5166
Published: 12 August 2015
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Notes
Author | Note |
---|---|
mdeslaur | precise and trusty don't look affected |
Priority
Status
Package | Release | Status |
---|---|---|
qemu Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Released
(1:2.2+dfsg-5expubuntu9.4)
|
|
Patches: upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=6cd387833d05e8ad31829d97e474dc420625aed9 |
||
qemu-kvm Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(code not present)
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
xen Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
(code not present)
|
trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Not vulnerable
(code not present)
|
|
Binaries built from this source package are in Universe and so are supported by the community. |