CVE-2015-8551

Severity: 6.0 MEDIUM
EPSS: 0.1% (top 77.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 13; Latest update May 13

Description

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Exploitability: 1.5 | Impact: 4.0

Affected Packages: 8 packages

Debian: linux < 4.3.3-3+3
NVD: linux/linux_kernel 3.13.1.10+1

Also affects: Debian Linux 7.0, 8.0

🔴 Vulnerability Details (7)

GHSA: GHSA-xrr8-pr2x-q64f: The PCI backend driver in Xen, when running on an x86 system and using Linux 3 (2022-05-13)
CVEList: CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux 3 (2016-04-13)
OSV: CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux 3 (2016-04-13)
OSV: linux-lts-vivid vulnerabilities (2015-12-20)
OSV: linux-lts-wily vulnerabilities (2015-12-20)

📋 Vendor Advisories (8)

Ubuntu: Linux kernel (Wily HWE) vulnerabilities (2015-12-20)
Ubuntu: Linux kernel (Vivid HWE) vulnerabilities (2015-12-20)
Ubuntu: Linux kernel (Trusty HWE) vulnerabilities (2015-12-19)
Ubuntu: Linux kernel vulnerabilities (2015-12-19)
Ubuntu: Linux kernel vulnerabilities (2015-12-19)

💬 Community (2)

Bugzilla: CVE-2015-8554 CVE-2015-8555 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-2150 CVE-2015-8553 xen: various flaws [fedora-all] (2015-12-17)
Bugzilla: CVE-2015-8551 CVE-2015-8552 xsa157 xen: Linux pciback missing sanity checks leading to crash (XSA-157) (2015-12-07)