CVE-2015-8551
Summary
| CVE | CVE-2015-8551 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-04-13 15:59:00 UTC |
| Updated | 2020-08-26 13:53:00 UTC |
| Description | The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks." |
Risk And Classification
Problem Types: CWE-476
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | sp1 | All | All |
| Operating System | Suse | Linux Enterprise Real Time Extension | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Real Time Extension | 12 | sp1 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | - | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | sp1 | All | All |
| Operating System | Suse | Linux Enterprise Software Development Kit | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Software Development Kit | 12 | sp1 | All | All |
| Operating System | Suse | Linux Enterprise Workstation Extension | 12 | sp1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Xen MSI Call Processing Bugs Let Local Users on the Guest System Deny Service on the Target Host System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| XSA-157 - Xen Security Advisories | CONFIRM | xenbits.xen.org | Vendor Advisory |
| [security-announce] SUSE-SU-2016:1937-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] SUSE-SU-2016:1707-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Debian -- Security Information -- DSA-3434-1 linux | DEBIAN | www.debian.org | Third Party Advisory |
| [security-announce] SUSE-SU-2016:1102-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Xen: Multiple vulnerabilities (GLSA 201604-03) — Gentoo Security | GENTOO | security.gentoo.org | Third Party Advisory |
| [security-announce] SUSE-SU-2016:1764-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] SUSE-SU-2016:2105-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] openSUSE-SU-2016:2184-1: important: Security update | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [security-announce] SUSE-SU-2016:0911-1: important: Security update for | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Xen Multiple Denial of Service Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.