CVE-2015-8552

Advisory lineage Upstream: 0 Downstream: 18
Modified
Published: 13 Apr 2016, 15:00
Last modified: 06 Aug 2024, 08:20

Vulnerability Summary

  • Overall Risk (default): low, 18/100
  • CVSS Score: 4.4 MEDIUM, v3.0 (nvd)
  • EPSS Score: 0.19% LOW, 0% probability +0.03%
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 13 Apr 2016, 15:00: Published. Vulnerability first disclosed
  • 06 Aug 2024, 08:20: Last Modified. Vulnerability information updated

Description

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."

CVSS Metrics

  • v3.0 MEDIUM, Score: 4.4, CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • v2.0 LOW, Score: 1.7, AV:L/AC:L/Au:S/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.19% Percentile: 41%

Techniques & Countermeasures

  • CWE-20: Improper Input Validation

    The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

  • canonical ubuntu_linux

    12.04

  • debian debian_linux

    6.0

  • novell suse_linux_enterprise_debuginfo

    11:sp4

  • novell suse_linux_enterprise_real_time_extension

    11:sp4 | 12:sp1

  • xen xen

    3.1.3 | 3.1.4 | 3.2.0 | 3.2.1 | 3.2.2 | 3.2.3 | 3.3.0 | 3.3.1 | 3.3.2 | 3.4.0 | 3.4.1 | 3.4.2 | 3.4.3 | 3.4.4 | 4.0.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.1.0 | 4.1.1 | 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.1.6 | 4.1.6.1 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.2.4 | 4.2.5 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4

References (12)