Lucene search

K
nvd[email protected]NVD:CVE-2015-8552
HistoryApr 13, 2016 - 3:59 p.m.

CVE-2015-8552

2016-04-1315:59:06
CWE-20
web.nvd.nist.gov
9

CVSS2

1.7

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

32.6%

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka “Linux pciback missing sanity checks.”

Affected configurations

Nvd
Node
xenxenMatch3.1.3
OR
xenxenMatch3.1.4
OR
xenxenMatch3.2.0
OR
xenxenMatch3.2.1
OR
xenxenMatch3.2.2
OR
xenxenMatch3.2.3
OR
xenxenMatch3.3.0
OR
xenxenMatch3.3.1
OR
xenxenMatch3.3.2
OR
xenxenMatch3.4.0
OR
xenxenMatch3.4.1
OR
xenxenMatch3.4.2
OR
xenxenMatch3.4.3
OR
xenxenMatch3.4.4
OR
xenxenMatch4.0.0
OR
xenxenMatch4.0.1
OR
xenxenMatch4.0.2
OR
xenxenMatch4.0.3
OR
xenxenMatch4.0.4
OR
xenxenMatch4.1.0
OR
xenxenMatch4.1.1
OR
xenxenMatch4.1.2
OR
xenxenMatch4.1.3
OR
xenxenMatch4.1.4
OR
xenxenMatch4.1.5
OR
xenxenMatch4.1.6
OR
xenxenMatch4.1.6.1
OR
xenxenMatch4.2.0
OR
xenxenMatch4.2.1
OR
xenxenMatch4.2.2
OR
xenxenMatch4.2.3
OR
xenxenMatch4.2.4
OR
xenxenMatch4.2.5
OR
xenxenMatch4.3.0
OR
xenxenMatch4.3.1
OR
xenxenMatch4.3.2
OR
xenxenMatch4.3.3
OR
xenxenMatch4.3.4
Node
canonicalubuntu_linuxMatch12.04lts
OR
debiandebian_linuxMatch6.0
Node
novellsuse_linux_enterprise_debuginfoMatch11sp4
OR
novellsuse_linux_enterprise_real_time_extensionMatch11sp4
OR
novellsuse_linux_enterprise_real_time_extensionMatch12sp1
VendorProductVersionCPE
xenxen3.1.3cpe:2.3:o:xen:xen:3.1.3:*:*:*:*:*:*:*
xenxen3.1.4cpe:2.3:o:xen:xen:3.1.4:*:*:*:*:*:*:*
xenxen3.2.0cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*
xenxen3.2.1cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*
xenxen3.2.2cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*
xenxen3.2.3cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*
xenxen3.3.0cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*
xenxen3.3.1cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*
xenxen3.3.2cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*
xenxen3.4.0cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 431

CVSS2

1.7

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

32.6%