Qemu RTL8139 uninitialized heap memory information leakage Vulnerability (CVE-2015-5165)
Release date:
Updated on:
Affected Systems:
QEMU
Description:
CVE (CAN) ID: CVE-2015-5165
QEMU is open-source emulator software.
An information leak vulnerability exists in QEMU builds that support RTL8139 emulation: it is triggered when the emulated RTL8139 network card processes network packets in C+ mode. A guest user can exploit this vulnerability to read uninitialized QEMU heap memory.
<* Source: Donghai Zhu
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1248760
*>
Suggestion:
Vendor patch:
QEMU
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://fabrice.bellard.free.fr/qemu/
http://xenbits.xen.org/xsa/advisory-139.html
http://xenbits.xen.org/xsa/advisory-140.html
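An inventory check for the affected configuration, as an added example (not part of the original advisory or of QEMU's code): it flags guests whose libvirt domain XML or QEMU command line selects the RTL8139 NIC model, so patching can be prioritized. The function names and sample inputs are constructed for illustration; an interface with no <model> element is reported as "unspecified" because the hypervisor default then applies.

```python
import xml.etree.ElementTree as ET

MODEL = "rtl8139"

def nics_from_libvirt_xml(domain_xml):
    """Return (mac, status) for each <interface> in a libvirt domain XML.
    status is 'rtl8139', 'other', or 'unspecified' (no <model> element)."""
    results = []
    for iface in ET.fromstring(domain_xml).findall("./devices/interface"):
        mac, model = iface.find("mac"), iface.find("model")
        addr = mac.get("address", "?") if mac is not None else "?"
        if model is None:
            status = "unspecified"  # hypervisor default applies; check manually
        elif model.get("type", "").lower() == MODEL:
            status = MODEL
        else:
            status = "other"
        results.append((addr, status))
    return results

def argv_uses_rtl8139(argv):
    """True if a QEMU command line selects the RTL8139 NIC model, either as
    '-device rtl8139[,...]' or as 'model=rtl8139' on '-net' / '-nic'."""
    for flag, value in zip(argv, argv[1:]):
        fields = value.lower().split(",")
        if flag == "-device" and fields[0] == MODEL:
            return True
        if flag in ("-net", "-nic") and "model=" + MODEL in fields:
            return True
    return False

# Constructed sample inputs (not taken from any real host).
SAMPLE_XML = """<domain type='kvm'>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:00:00:01'/><model type='rtl8139'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:02'/><model type='virtio'/>
    </interface>
    <interface type='network'>
      <mac address='52:54:00:00:00:03'/>
    </interface>
  </devices>
</domain>"""
SAMPLE_ARGV = ["qemu-system-x86_64", "-netdev", "user,id=n0", "-device", "rtl8139,netdev=n0"]

if __name__ == "__main__":
    print(nics_from_libvirt_xml(SAMPLE_XML))
    print(argv_uses_rtl8139(SAMPLE_ARGV))
```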