CVE-2015-8554 — Improper Restriction of Operations within the Bounds of a Memory Buffer in XEN

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 81.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedApr 14

Latest updateMay 17

Description

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path."

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.4.0-1 (bookworm)

▶Debianxen/xen< 4.4.0-1+3

▶NVDxen/xen4.6.1

🔴Vulnerability Details

GHSA

GHSA-jj32-x32m-v858: Buffer overflow in hw/pt-msi↗2022-05-17

▶

OSV

CVE-2015-8554: Buffer overflow in hw/pt-msi↗2016-04-14

▶

📋Vendor Advisories

Red Hat

xen: qemu-dm buffer overrun in MSI-X handling (XSA-164)↗2015-12-17

▶

Debian

CVE-2015-8554: xen - Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen...↗2015

▶

💬Community

Bugzilla

CVE-2015-8554 CVE-2015-8555 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-2150 CVE-2015-8553 xen: various flaws [fedora-all]↗2015-12-17

▶

Bugzilla

CVE-2015-8554 xsa164 xen: qemu-dm buffer overrun in MSI-X handling (XSA-164)↗2015-12-07

▶