CVE-2015-8552
published 2016-04-13CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to…
medium4.4CVSS 3.0
AVLACLPRHUINSUCNINAH
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."
Affected
49 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.3.3-3 (bookworm) | linux 4.3.3-3 (bookworm) |
| linux | linux_kernel | >= 0 < 4.3.3-3 | 4.3.3-3 |
| linux | linux_kernel | >= 0 < 4.3.3-3 | 4.3.3-3 |
| linux | linux_kernel | >= 0 < 4.3.3-3 | 4.3.3-3 |
| linux | linux_kernel | >= 0 < 4.3.3-3 | 4.3.3-3 |
| linux | linux_kernel | >= 0 < 3.13.0-74.118 | 3.13.0-74.118 |
| novell | suse_linux_enterprise_debuginfo | — | — |
| novell | suse_linux_enterprise_real_time_extension | — | — |
| novell | suse_linux_enterprise_real_time_extension | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
| xen | xen | — | — |
CVSS provenance
nvdv3.04.4MEDIUMCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
osv8.2HIGH