CVE-2015-5166
EPSS 0.07%Published: 8/12/2015Modified: 4/28/2026
Also known as:DEBIAN-CVE-2015-5166
Description
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Affected packages (2)
- Debian/qemufrom 0, < 1:2.4+dfsg-1a
- Debian/xenfrom 0, < 4.4.0-1