CVE-2015-4106

Advisory lineage Upstream: 0 Downstream: 10
Modified
Published: 03 Jun 2015, 20:00
Last modified: 06 Aug 2024, 06:04

Vulnerability Summary

  • Overall Risk (default): low (18/100)
  • CVSS Score: 4.6 MEDIUM, v2.0 (nvd)
  • EPSS Score: 0.08% LOW
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 03 Jun 2015, 20:00: Published (vulnerability first disclosed)
  • 06 Aug 2024, 06:04: Last Modified (vulnerability information updated)

Description

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

CVSS Metrics

  • v2.0 MEDIUM, Score: 4.6, AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.08% Percentile: 25%

Techniques & Countermeasures

  • CWE-863: Incorrect Authorization

    The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Affected Systems

  • canonical ubuntu_linux

    12.04 | 14.04 | 14.10 | 15.04

  • citrix xenserver

    6.0 | 6.0.2 | 6.1.0 | 6.2.0 | 6.5

  • debian debian_linux

    7.0 | 8.0

  • fedoraproject fedora

    20 | 21 | 22

  • qemu qemu

    ≤ 2.3.1

  • suse linux_enterprise_desktop

    11:sp3 | 12

  • suse linux_enterprise_server

    11:sp1 | 11:sp2 | 11:sp3 | 12

  • suse linux_enterprise_software_development_kit

    11:sp3 | 12

References (16)