Home > Vulnerability Database > CVE-2015-8551

Mend.io Vulnerability Database

CVE-2015-8551

Good to know:

Date: April 13, 2016

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."

Language: C

Severity Score

6.0

Related Resources (17)

Url: http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

Url: http://www.securityfocus.com/bid/79546

Url: https://access.redhat.com/security/cve/CVE-2015-8551

Url: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

Url: http://xenbits.xen.org/xsa/advisory-157.html

Url: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html

Url: http://www.debian.org/security/2016/dsa-3434

Url: https://security-tracker.debian.org/tracker/CVE-2015-8551

Url: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html

Url: https://security.gentoo.org/glsa/201604-03

Url: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8551

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-8551

Url: http://www.securitytracker.com/id/1034480

Url: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-8551

Severity Score

6.0

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Top Fix

Upgrade Version

Upgrade to version v4.4-rc6

Learn More

CVSS v3.1

Base Score:	6.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.7
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-8551

Good to know:

Date: April 13, 2016

Language: C

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?