Lucene search

[email protected]NVD:CVE-2015-8104

HistoryNov 16, 2015 - 11:59 a.m.

CVE-2015-8104

2015-11-1611:59:12

CWE-399

[email protected]

web.nvd.nist.gov

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

Affected configurations

NVD

Node

xenxenMatch4.3.0

xenxenMatch4.3.1

xenxenMatch4.3.2

xenxenMatch4.3.3

xenxenMatch4.3.4

xenxenMatch4.4.0

xenxenMatch4.4.1

xenxenMatch4.4.2

xenxenMatch4.4.3

xenxenMatch4.5.0

xenxenMatch4.5.1

xenxenMatch4.5.2

xenxenMatch4.6.0

xenxenMatch4.6.1

xenxenMatch4.6.2

xenxenMatch4.6.4

xenxenMatch4.6.5

Node

oraclesolarisMatch11.3

Node

oraclevm_virtualboxRange4.0.0–4.0.34

oraclevm_virtualboxRange4.1.0–4.1.42

oraclevm_virtualboxRange4.2.0–4.2.34

oraclevm_virtualboxRange4.3.0–4.3.35

oraclevm_virtualboxRange5.0.0–5.0.13

Node

linuxlinux_kernelRange≤4.2.3

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d

lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

lists.opensuse.org/opensuse-updates/2015-12/msg00039.html

lists.opensuse.org/opensuse-updates/2015-12/msg00053.html

rhn.redhat.com/errata/RHSA-2015-2636.html

rhn.redhat.com/errata/RHSA-2015-2645.html

rhn.redhat.com/errata/RHSA-2016-0046.html

support.citrix.com/article/CTX202583

support.citrix.com/article/CTX203879

www.debian.org/security/2015/dsa-3414

www.debian.org/security/2015/dsa-3426

www.debian.org/security/2016/dsa-3454

www.openwall.com/lists/oss-security/2015/11/10/5

www.openwall.com/lists/oss-security/2023/10/10/4

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/77524

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1034105

www.ubuntu.com/usn/USN-2840-1

www.ubuntu.com/usn/USN-2841-1

www.ubuntu.com/usn/USN-2841-2

www.ubuntu.com/usn/USN-2842-1

www.ubuntu.com/usn/USN-2842-2

www.ubuntu.com/usn/USN-2843-1

www.ubuntu.com/usn/USN-2843-2

www.ubuntu.com/usn/USN-2844-1

xenbits.xen.org/xsa/advisory-156.html

bugzilla.redhat.com/show_bug.cgi?id=1278496

github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d

kb.juniper.net/JSA10783

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.2%

JSON

Related for NVD:CVE-2015-8104

cvelist3 ubuntucve3 debiancve3 cve3 prion3 redhat7 nessus66 xen2 openvas52 fedora6 oraclelinux5 ubuntu8 freebsd1 centos2 nvd2 f52 osv5 mageia6 cloudfoundry1 debian5 kaspersky1 avleonov1 suse12