1.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.8%
The PCI backend driver in Xen, when running on an x86 system and using
Linux 3.1.x through 4.3.x as the driver domain, allows local guest
administrators to generate a continuous stream of WARN messages and cause a
denial of service (disk consumption) by leveraging a system with access to
a passed-through MSI or MSI-X capable physical PCI device and
XEN_PCI_OP_enable_msi operations, aka “Linux pciback missing sanity
checks.”
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | < 3.2.0-97.137 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-74.118 | UNKNOWN |
ubuntu | 15.04 | noarch | linux | < 3.19.0-42.48 | UNKNOWN |
ubuntu | 15.10 | noarch | linux | < 4.2.0-22.27 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1661.85 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-74.118~precise1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-utopic | < 3.16.0-57.77~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-vivid | < 3.19.0-42.48~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-wily | < 4.2.0-22.27~14.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1476.99 | UNKNOWN |
xenbits.xen.org/xsa/advisory-157.html
launchpad.net/bugs/cve/CVE-2015-8552
nvd.nist.gov/vuln/detail/CVE-2015-8552
security-tracker.debian.org/tracker/CVE-2015-8552
ubuntu.com/security/notices/USN-2846-1
ubuntu.com/security/notices/USN-2847-1
ubuntu.com/security/notices/USN-2848-1
ubuntu.com/security/notices/USN-2849-1
ubuntu.com/security/notices/USN-2850-1
ubuntu.com/security/notices/USN-2851-1
ubuntu.com/security/notices/USN-2853-1
ubuntu.com/security/notices/USN-2854-1
www.cve.org/CVERecord?id=CVE-2015-8552
1.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.8%