History: Apr 13, 2016 - 3:59 p.m.

CVE-2015-8551

2016-04-13 15:59:05
CWE-476
mitre
web.nvd.nist.gov
cve-2015-8551
xen
pci backend
linux
null pointer dereference
denial of service
nvd
security vulnerability

CVSS2: 4.7

Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3: 6

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score: 5.6
Confidence: High

EPSS: 0.001
Percentile: 26.7%

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka “Linux pciback missing sanity checks.”

Affected configurations

Nvd

Node
linux linux_kernel, Range 3.1 to 3.1.10
OR
linux linux_kernel, Range 4.3.0 to 4.3.6

Node
debian debian_linux, Match 7.0
OR
debian debian_linux, Match 8.0

Node
opensuse opensuse, Match 13.1
OR
suse linux_enterprise_desktop, Match 11 sp4
OR
suse linux_enterprise_desktop, Match 12 sp1
OR
suse linux_enterprise_real_time_extension, Match 11 sp4
OR
suse linux_enterprise_real_time_extension, Match 12 sp1
OR
suse linux_enterprise_server, Match 11 -
OR
suse linux_enterprise_server, Match 11 sp4
OR
suse linux_enterprise_server, Match 12 sp1
OR
suse linux_enterprise_software_development_kit, Match 11 sp4
OR
suse linux_enterprise_software_development_kit, Match 12 sp1
OR
suse linux_enterprise_workstation_extension, Match 12 sp1

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
| debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
| suse | linux_enterprise_desktop | 11 | cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:* |
| suse | linux_enterprise_desktop | 12 | cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:* |
| suse | linux_enterprise_real_time_extension | 11 | cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:* |
| suse | linux_enterprise_real_time_extension | 12 | cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:* |
| suse | linux_enterprise_server | 11 | cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:* |
| suse | linux_enterprise_server | 11 | cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:* |