← Back

CVE-2015-4106

nvd nist
Published: Jun 3, 2015Modified: May 6, 2026

JSON object

Loading...
4.6
Vector
AV:L/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 3.9 / Impact: 6.4
Source: NVD

Description

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

Affected (23)

Products: Qemu: Qemu · Debian: Debian Linux · Fedoraproject: Fedora · +3 more
Show all products
Qemu: Qemu · Debian: Debian Linux · Fedoraproject: Fedora · Suse: Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit · Citrix: Xenserver · Canonical: Ubuntu Linux
Qemu
1 product
Qemu
Debian
1 product
Debian Linux
Fedoraproject
1 product
Fedora
Suse
3 products
Linux Enterprise Desktop
Linux Enterprise Server
Linux Enterprise Software Development Kit
Citrix
1 product
Xenserver
Canonical
1 product
Ubuntu Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Qemu
Up to 2.3.1
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 7.0
Debian Linux
Version 8.0
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 20
Fedora
Version 21
Fedora
Version 22
Configuration D
8 vulnerable
Vulnerable SoftwareAffected Versions
Suse
Linux Enterprise Desktop
Version 11 sp3
Linux Enterprise Desktop
Version 12
Suse
Linux Enterprise Server
Version 11 sp1
Linux Enterprise Server
Version 11 sp2
Linux Enterprise Server
Version 11 sp3
Linux Enterprise Server
Version 12
Suse
Linux Enterprise Software Development Kit
Version 11 sp3
Linux Enterprise Software Development Kit
Version 12
Configuration E
5 vulnerable
Vulnerable SoftwareAffected Versions
Citrix
Xenserver
Version 6.0.2
Xenserver
Version 6.0
Xenserver
Version 6.1.0
Xenserver
Version 6.2.0
Xenserver
Version 6.5
Configuration F
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 14.10
Ubuntu Linux
Version 15.04

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (32)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.