← Back

CVE-2015-8551

nvd nist
Published: Apr 13, 2016Modified: May 6, 2026

JSON object

Loading...
6.0
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Exploitability: 1.5 / Impact: 4.0
Source: NVD

Description

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."

Affected (15)

Products: Linux: Linux Kernel · Debian: Debian Linux · Opensuse: Opensuse · +1 more
Show all products
Linux: Linux Kernel · Debian: Debian Linux · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Real Time Extension, Linux Enterprise Server, Linux Enterprise Software Development Kit, Linux Enterprise Workstation Extension
Linux
1 product
Linux Kernel
Debian
1 product
Debian Linux
Opensuse
1 product
Opensuse
Suse
5 products
Linux Enterprise Desktop
Linux Enterprise Real Time Extension
Linux Enterprise Server
Linux Enterprise Software Development Kit
Linux Enterprise Workstation Extension
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 3.1 to 3.1.10
Linux Kernel
From 4.3.0 to 4.3.6
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 7.0
Debian Linux
Version 8.0
Configuration C
11 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Version 13.1
Suse
Linux Enterprise Desktop
Version 11 sp4
Linux Enterprise Desktop
Version 12 sp1
Suse
Linux Enterprise Real Time Extension
Version 11 sp4
Linux Enterprise Real Time Extension
Version 12 sp1
Suse
Linux Enterprise Server
Version 11
Linux Enterprise Server
Version 11 sp4
Linux Enterprise Server
Version 12 sp1
Suse
Linux Enterprise Software Development Kit
Version 11 sp4
Linux Enterprise Software Development Kit
Version 12 sp1
Linux Enterprise Workstation Extension
Version 12 sp1

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (24)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.