Lucene search

K
cve[email protected]CVE-2015-2150
HistoryMar 12, 2015 - 2:59 p.m.

CVE-2015-2150

2015-03-1214:59:02
CWE-264
web.nvd.nist.gov
136
cve-2015-2150
xen
linux kernel
pci command registers
denial of service
nvd

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.2%

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Affected configurations

NVD
Node
ubuntuubuntuMatch12.04lts
Node
xenxenMatch3.3.0
OR
xenxenMatch3.3.1
OR
xenxenMatch3.3.2
OR
xenxenMatch3.4.0
OR
xenxenMatch3.4.1
OR
xenxenMatch3.4.2
OR
xenxenMatch3.4.3
OR
xenxenMatch3.4.4
OR
xenxenMatch4.0.0
OR
xenxenMatch4.0.1
OR
xenxenMatch4.0.2
OR
xenxenMatch4.0.3
OR
xenxenMatch4.0.4
OR
xenxenMatch4.1.0
OR
xenxenMatch4.1.1
OR
xenxenMatch4.1.2
OR
xenxenMatch4.1.3
OR
xenxenMatch4.1.4
OR
xenxenMatch4.1.5
OR
xenxenMatch4.1.6.1
OR
xenxenMatch4.2.0
OR
xenxenMatch4.2.1
OR
xenxenMatch4.2.2
OR
xenxenMatch4.2.3
OR
xenxenMatch4.3.0
OR
xenxenMatch4.3.1
OR
xenxenMatch4.4.0
OR
xenxenMatch4.4.0rc1
OR
xenxenMatch4.4.1-
OR
xenxenMatch4.5.0
Node
linuxlinux_kernelRange3.19.1
CPENameOperatorVersion
ubuntu:ubuntuubuntueq12.04

References

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.2%