CVE-2015-8552

Severity
4.4 MEDIUM
EPSS
0.2%
top 62.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 13
Latest update: May 17

Description

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 0.8 | Impact: 3.6

Affected Packages: 4 packages

Also affects: Debian Linux 6.0, Ubuntu Linux 12.04

🔴 Vulnerability Details

3
GHSA
GHSA-5rmx-m9vr-559r: The PCI backend driver in Xen, when running on an x86 system and using Linux 3 (2022-05-17)
OSV
CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux 3 (2016-04-13)
CVEList
CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux 3 (2016-04-13)

📋 Vendor Advisories

8
Ubuntu
Linux kernel (Wily HWE) vulnerabilities (2015-12-20)
Ubuntu
Linux kernel (Vivid HWE) vulnerabilities (2015-12-20)
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities (2015-12-19)
Ubuntu
Linux kernel vulnerabilities (2015-12-19)
Ubuntu
Linux kernel vulnerabilities (2015-12-19)

💬 Community

2
Bugzilla
CVE-2015-8554 CVE-2015-8555 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-2150 CVE-2015-8553 xen: various flaws [fedora-all] (2015-12-17)
Bugzilla
CVE-2015-8551 CVE-2015-8552 xsa157 xen: Linux pciback missing sanity checks leading to crash (XSA-157) (2015-12-07)