DEBIAN-CVE-2015-8552

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2015-8552

Downstream

DSA-3434-1

Published: 13 Apr 2016, 15:59

Last modified:28 Apr 2026, 20:14

Vulnerability Summary

Overall Risk (default)

low

18/100

CVSS Score

4.4 MEDIUM

3.0 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 Apr 2016, 15:59

Published

Vulnerability first disclosed

28 Apr 2026, 20:14

Last Modified

Vulnerability information updated

Description

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."

CVSS Metrics

v3.0•MEDIUM•Score: 4.4CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Systems

debian•linux
< 4.3.3-3 | < 4.3.3-3 | < 4.3.3-3 | < 4.3.3-3

References (1)

https://security-tracker.debian.org/tracker/CVE-2015-8552