Design/Logic Flaw

2016-04-1315:59:00

PRIOn knowledge base

www.prio-n.com

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

30.9%

JSON

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka “Linux pciback missing sanity checks.”

CPENameOperatorVersion
ubuntu_linuxeq12.04
debian_linuxeq6.0
suse_linux_enterprise_debuginfoeq11 sp4
suse_linux_enterprise_real_time_extensioneq11 sp4
suse_linux_enterprise_real_time_extensioneq12 sp1
xeneq3.2.0
xeneq4.3.2
xeneq4.1.5
xeneq3.2.1
xeneq4.2.2

Name	Operator	Version
ubuntu_linux	eq	12.04
debian_linux	eq	6.0
suse_linux_enterprise_debuginfo	eq	11 sp4
suse_linux_enterprise_real_time_extension	eq	11 sp4
suse_linux_enterprise_real_time_extension	eq	12 sp1
xen	eq	3.2.0
xen	eq	4.3.2
xen	eq	4.1.5
xen	eq	3.2.1
xen	eq	4.2.2