CVE-2015-5165
qemu-kvm - security update
EPSS 11.5%
Description
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
How to fix CVE-2015-5165
To remediate CVE-2015-5165, upgrade each affected package to the fixed version listed below.
- Debian/qemu: upgrade to 1:2.4+dfsg-1a or later
- Debian/qemu-kvm: upgrade to 1.1.2+dfsg-6+deb7u9 or later
- Debian/xen: upgrade to 4.4.0-1 or later
Is CVE-2015-5165 being exploited?
Moderate: EPSS is 11.5%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- Debian/qemu: from 0, < 1:2.4+dfsg-1a
- Debian/qemu-kvm: from 0, < 1.1.2+dfsg-6+deb7u9
- Debian/xen: from 0, < 4.4.0-1