CVE-2015-4106Incorrect Authorization in Qemu

CWE-863Incorrect Authorization8 documents8 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 75.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
QemuXENCanonical Ubuntu Linux+6 more
Timeline
PublishedJun 3
Latest updateMay 13

Description

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages7 packages

Debianqemu/qemu< 1:2.3+dfsg-5+3
NVDqemu/qemu2.3.1
Debianxen/xen< 4.4.0-1+3
NVDcitrix/xenserver5 versions+4

Also affects: Debian Linux 7.0, 8.0, Fedora 20, 21, 22, Ubuntu Linux 12.04, 14.04, 14.10, 15.04

🔴Vulnerability Details

3
GHSA
GHSA-53r2-p844-jg4x: QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to g2022-05-13
CVEList
CVE-2015-4106: QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to g2015-06-03
OSV
CVE-2015-4106: QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to g2015-06-03

📋Vendor Advisories

3
Ubuntu
QEMU vulnerabilities2015-06-10
Red Hat
xen: unmediated PCI register access in qemu (xsa-131)2015-06-02
Debian
CVE-2015-4106: qemu - QEMU does not properly restrict write access to the PCI config space for certain...2015

💬Community

1
Bugzilla
CVE-2015-4106 xen: unmediated PCI register access in qemu (xsa-131) [fedora-all]2015-06-03
CVE-2015-4106 — Incorrect Authorization in Qemu | cvebase