CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
26.7%
The PCI backend driver in Xen, when running on an x86 system and using
Linux 3.1.x through 4.3.x as the driver domain, allows local guest
administrators to hit BUG conditions and cause a denial of service (NULL
pointer dereference and host OS crash) by leveraging a system with access
to a passed-through MSI or MSI-X capable physical PCI device and a crafted
sequence of XEN_PCI_OP_* operations, aka “Linux pciback missing sanity
checks.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | < 3.2.0-97.137 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-74.118 | UNKNOWN |
ubuntu | 15.04 | noarch | linux | < 3.19.0-42.48 | UNKNOWN |
ubuntu | 15.10 | noarch | linux | < 4.2.0-22.27 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1661.85 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-74.118~precise1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-utopic | < 3.16.0-57.77~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-vivid | < 3.19.0-42.48~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-wily | < 4.2.0-22.27~14.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1476.99 | UNKNOWN |
xenbits.xen.org/xsa/advisory-157.html
launchpad.net/bugs/cve/CVE-2015-8551
nvd.nist.gov/vuln/detail/CVE-2015-8551
security-tracker.debian.org/tracker/CVE-2015-8551
ubuntu.com/security/notices/USN-2846-1
ubuntu.com/security/notices/USN-2847-1
ubuntu.com/security/notices/USN-2848-1
ubuntu.com/security/notices/USN-2849-1
ubuntu.com/security/notices/USN-2850-1
ubuntu.com/security/notices/USN-2851-1
ubuntu.com/security/notices/USN-2853-1
ubuntu.com/security/notices/USN-2854-1
www.cve.org/CVERecord?id=CVE-2015-8551
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
26.7%