4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
27.0%
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access
to PCI command registers, which might allow local HVM guest users to cause
a denial of service (non-maskable interrupt and host crash) by disabling
the (1) memory or (2) I/O decoding for a PCI Express device and then
accessing the device, which triggers an Unsupported Request (UR) response.
Author | Note |
---|---|
smb | This is a qemu change which is part of the xen package for the “traditional” qemu. Trusty and newer only provide qemu traditional as a backup but by default use the generic qemu from the archive and Vivid completely drops qemu traditional. So the non-qemut patches in that XSA need to go into qemu. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | qemu | < 2.0.0+dfsg-2ubuntu1.11 | UNKNOWN |
ubuntu | 14.10 | noarch | qemu | < 2.1+dfsg-4ubuntu6.6 | UNKNOWN |
ubuntu | 15.04 | noarch | qemu | < 1:2.2+dfsg-5expubuntu9 | UNKNOWN |
ubuntu | 12.04 | noarch | xen | < 4.1.6.1-0ubuntu0.12.04.6 | UNKNOWN |
ubuntu | 14.04 | noarch | xen | < 4.4.1-0ubuntu0.14.04.5 | UNKNOWN |
ubuntu | 14.10 | noarch | xen | < 4.4.1-0ubuntu0.14.10.5 | UNKNOWN |