DEBIAN-CVE-2015-8551

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2015-8551

Downstream

DSA-3434-1

Published: 13 Apr 2016, 15:59

Last modified:28 Apr 2026, 20:14

Vulnerability Summary

Overall Risk (default)

low

24/100

CVSS Score

6 MEDIUM

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 Apr 2016, 15:59

Published

Vulnerability first disclosed

28 Apr 2026, 20:14

Last Modified

Vulnerability information updated

Description

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."

CVSS Metrics

v3.1•MEDIUM•Score: 6CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected Systems

debian•linux
< 4.3.3-3 | < 4.3.3-3 | < 4.3.3-3 | < 4.3.3-3

References (1)

https://security-tracker.debian.org/tracker/CVE-2015-8551