Lucene search

K
cveMitreCVE-2015-8550
HistoryApr 14, 2016 - 2:59 p.m.

CVE-2015-8550

2016-04-1414:59:04
CWE-284
mitre
web.nvd.nist.gov
122
xen
cve-2015-8550
vulnerability
security
denial of service
privilege escalation
double fetch
nvd

CVSS2

5.7

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:P/I:P/A:C

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

29.6%

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.

Affected configurations

Nvd
Node
xenxenMatch-
Node
novellsuse_linux_enterprise_real_time_extensionMatch12sp1
VendorProductVersionCPE
xenxen-cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
novellsuse_linux_enterprise_real_time_extension12cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*

CVSS2

5.7

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:P/I:P/A:C

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

29.6%