Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-8551
HistoryDec 17, 2015 - 12:00 a.m.

CVE-2015-8551

2015-12-1700:00:00
ubuntu.com
ubuntu.com
22

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

26.7%

The PCI backend driver in Xen, when running on an x86 system and using
Linux 3.1.x through 4.3.x as the driver domain, allows local guest
administrators to hit BUG conditions and cause a denial of service (NULL
pointer dereference and host OS crash) by leveraging a system with access
to a passed-through MSI or MSI-X capable physical PCI device and a crafted
sequence of XEN_PCI_OP_* operations, aka “Linux pciback missing sanity
checks.”

Bugs

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

26.7%