← Back

CVE-2015-8552

nvd nist
Published: Apr 13, 2016Modified: May 6, 2026

JSON object

Loading...
4.4
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 0.8 / Impact: 3.6
Source: NVD

Description

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."

Affected (43)

Products: Xen: Xen · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more
Show all products
Xen: Xen · Canonical: Ubuntu Linux · Debian: Debian Linux · Novell: Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Real Time Extension
Xen
1 product
Xen
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Novell
2 products
Suse Linux Enterprise Debuginfo
Suse Linux Enterprise Real Time Extension
Configuration A
38 vulnerable
Vulnerable SoftwareAffected Versions
Xen
Xen
Version 3.1.3
Xen
Version 3.1.4
Xen
Version 3.2.0
Xen
Version 3.2.1
Xen
Version 3.2.2
Xen
Version 3.2.3
Xen
Version 3.3.0
Xen
Version 3.3.1
Xen
Version 3.3.2
Xen
Version 3.4.0
Xen
Version 3.4.1
Xen
Version 3.4.2
Xen
Version 3.4.3
Xen
Version 3.4.4
Xen
Version 4.0.0
Xen
Version 4.0.1
Xen
Version 4.0.2
Xen
Version 4.0.3
Xen
Version 4.0.4
Xen
Version 4.1.0
Xen
Version 4.1.1
Xen
Version 4.1.2
Xen
Version 4.1.3
Xen
Version 4.1.4
Xen
Version 4.1.5
Xen
Version 4.1.6.1
Xen
Version 4.1.6
Xen
Version 4.2.0
Xen
Version 4.2.1
Xen
Version 4.2.2
Xen
Version 4.2.3
Xen
Version 4.2.4
Xen
Version 4.2.5
Xen
Version 4.3.0
Xen
Version 4.3.1
Xen
Version 4.3.2
Xen
Version 4.3.3
Xen
Version 4.3.4
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Linux
Version 12.04
Debian Linux
Version 6.0
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Suse Linux Enterprise Debuginfo
Version 11 sp4
Novell
Suse Linux Enterprise Real Time Extension
Version 11 sp4
Suse Linux Enterprise Real Time Extension
Version 12 sp1

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (24)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.