Null pointer dereference

2016-04-1315:59:00

PRIOn knowledge base

www.prio-n.com

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

24.7%

JSON

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka “Linux pciback missing sanity checks.”

CPENameOperatorVersion
debian_linuxeq8.0
debian_linuxeq7.0
linux_kernelge4.3.0
linux_kernelle4.3.6
linux_kernelge3.1
linux_kernelle3.1.10
opensuseeq13.1
linux_enterprise_desktopeq11 sp4
linux_enterprise_desktopeq12 sp1
linux_enterprise_real_time_extensioneq12 sp1

Name	Operator	Version
debian_linux	eq	8.0
debian_linux	eq	7.0
linux_kernel	ge	4.3.0
linux_kernel	le	4.3.6
linux_kernel	ge	3.1
linux_kernel	le	3.1.10
opensuse	eq	13.1
linux_enterprise_desktop	eq	11 sp4
linux_enterprise_desktop	eq	12 sp1
linux_enterprise_real_time_extension	eq	12 sp1