Source: Ubuntu.com (ubuntucve), ID UB:CVE-2015-2756
Date: Apr 01, 2015 - 12:00 a.m.

CVE-2015-2756


CVSS2: 4.9 Medium (AV:L/AC:L/Au:N/C:N/I:N/A:C)

- Access Vector: LOCAL
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: COMPLETE

EPSS: 0.001 Low (Percentile: 27.0%)

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access
to PCI command registers, which might allow local HVM guest users to cause
a denial of service (non-maskable interrupt and host crash) by disabling
the (1) memory or (2) I/O decoding for a PCI Express device and then
accessing the device, which triggers an Unsupported Request (UR) response.

Notes

| Author | Note |
| --- | --- |
| smb | This is a qemu change which is part of the xen package for the “traditional” qemu. Trusty and newer only provide qemu traditional as a backup but by default use the generic qemu from the archive and Vivid completely drops qemu traditional. So the non-qemut patches in that XSA need to go into qemu. |

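| OS | OS Version | Architecture | Package | Package Version | Filename |
| --- | --- | --- | --- | --- | --- |
| ubuntu | 14.04 | noarch | qemu | < 2.0.0+dfsg-2ubuntu1.11 | UNKNOWN |
| ubuntu | 14.10 | noarch | qemu | < 2.1+dfsg-4ubuntu6.6 | UNKNOWN |
| ubuntu | 15.04 | noarch | qemu | < 1:2.2+dfsg-5expubuntu9 | UNKNOWN |
| ubuntu | 12.04 | noarch | xen | < 4.1.6.1-0ubuntu0.12.04.6 | UNKNOWN |
| ubuntu | 14.04 | noarch | xen | < 4.4.1-0ubuntu0.14.04.5 | UNKNOWN |
| ubuntu | 14.10 | noarch | xen | < 4.4.1-0ubuntu0.14.10.5 | UNKNOWN |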
