Unrated severity · NVD Advisory · Published Aug 12, 2015 · Updated May 6, 2026
CVE-2015-5166
Description
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Affected products
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- osv-coords (13 versions):
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP3
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP3
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
- (no CPE) range: < 4.2.5_12-15.1
- (no CPE) range: < 4.4.2_12-23.1
- (no CPE) range: < 4.4.2_10-22.8.1
- (no CPE) range: < 4.2.5_12-15.1
- (no CPE) range: < 4.2.5_12-15.1
- (no CPE) range: < 4.4.2_12-23.1
- (no CPE) range: < 4.4.2_10-22.8.1
- (no CPE) range: < 4.2.5_12-15.1
- (no CPE) range: < 4.4.2_12-23.1
- (no CPE) range: < 4.4.2_10-22.8.1
- (no CPE) range: < 4.2.5_12-15.1
- (no CPE) range: < 4.4.2_12-23.1
- (no CPE) range: < 4.4.2_10-22.8.1
Patches
No patches discovered yet.
References
- xenbits.xen.org/xsa/advisory-139.html (nvd; Patch, Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html (nvd)
- www.securityfocus.com/bid/76152 (nvd)
- www.securitytracker.com/id/1033175 (nvd)