PT-2015-7801 · Citrix+3 · Xen+3

Konrad Rzeszutek Wilk

Publicado

2015-12-17

Atualizado

2020-08-26

CVE-2015-8551

CVSS v3.1

6.0

Média

Vetor

AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xen versions 3.1.x through 4.3.x

Description The issue allows local guest administrators to cause a denial of service by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN PCI OP * operations. This can result in a NULL pointer dereference and host OS crash.

Recommendations For versions 3.1.x through 4.3.x, apply the necessary patches to fix the missing sanity checks in the PCI backend driver. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALT-PU-2016-1018

CVE-2015-8551

DSA-3434-1

MGASA-2016-0005

MGASA-2016-0014

MGASA-2016-0015

OPENSUSE-SU-2016_0280-1

OPENSUSE-SU-2016_0301-1

OPENSUSE-SU-2016_0318-1

OPENSUSE-SU-2016_2184-1

SUSE-SU-2016:0168-1

SUSE-SU-2016:0585-1

SUSE-SU-2016:0911-1

SUSE-SU-2016:1102-1

SUSE-SU-2016:1203-1

SUSE-SU-2016:1707-1

SUSE-SU-2016:1764-1

SUSE-SU-2016:1937-1

SUSE-SU-2016:2105-1

USN-2846-1

USN-2847-1

USN-2848-1

USN-2849-1

USN-2850-1

USN-2851-1

USN-2853-1

USN-2854-1

Produtos afetados

Alt Linux

Suse

Ubuntu

Xen

PT-2015-7801 · Citrix+3 · Xen+3

CVE-2015-8551

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 766