Lucene search

[email protected]NVD:CVE-2015-8551

HistoryApr 13, 2016 - 3:59 p.m.

CVE-2015-8551

2016-04-1315:59:05

CWE-476

[email protected]

web.nvd.nist.gov

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka “Linux pciback missing sanity checks.”

Affected configurations

Nvd

Node

linuxlinux_kernelRange3.1–3.1.10

linuxlinux_kernelRange4.3.0–4.3.6

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

opensuseopensuseMatch13.1

suselinux_enterprise_desktopMatch11sp4

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_real_time_extensionMatch11sp4

suselinux_enterprise_real_time_extensionMatch12sp1

suselinux_enterprise_serverMatch11-

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_serverMatch12sp1

suselinux_enterprise_software_development_kitMatch11sp4

suselinux_enterprise_software_development_kitMatch12sp1

suselinux_enterprise_workstation_extensionMatch12sp1

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
suselinux_enterprise_desktop11cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
suselinux_enterprise_desktop12cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
suselinux_enterprise_real_time_extension11cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*
suselinux_enterprise_real_time_extension12cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
suselinux_enterprise_server11cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
suselinux_enterprise_server11cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
suse	linux_enterprise_desktop	11	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::
suse	linux_enterprise_desktop	12	cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1::::::
suse	linux_enterprise_real_time_extension	11	cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4::::::
suse	linux_enterprise_real_time_extension	12	cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp1::::::
suse	linux_enterprise_server	11	cpe:2.3:o:suse:linux_enterprise_server:11:-::::::
suse	linux_enterprise_server	11	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::