CVE-2015-8552
Description
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."
CVSSv2.0 Score
- Severity: Low
- Base Score: 1.7/10
- Exploit Score: 3.1/10
- Access Vector: Local
- Access Complexity: Low
- Authentication Required: Single
- Impact Score: 2.9/10
- Confidentiality Impact: None
- Availability Impact: Partial
- Integrity Impact: None
CVSSv3.1 Score
- Severity: Medium
- Base Score: 4.4/10
- Exploit Score: 0.8/10
- Access Vector: Local
- Access Complexity: Low
- Privileges Required: High
- Impact Score: 3.6/10
- Confidentiality Impact: None
- Availability Impact: High
- Integrity Impact: None
- Scope: Unchanged
- User Interaction: None
Products Affected
CPE | Affected | Vulnerable | Excluding |
---|---|---|---|
cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.1.6:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.1.4:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:3.1.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* | Yes | - | - |
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11:sp4:*:*: | Yes | - | - |
cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:1 | Yes | - | - |
cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:1 | Yes | - | - |
References
- http://xenbits.xen.org/xsa/advisory-157.html
- http://www.securityfocus.com/bid/79546
- http://www.securitytracker.com/id/1034480
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
- https://security.gentoo.org/glsa/201604-03
- http://www.debian.org/security/2016/dsa-3434