4.9

CVE-2015-2150

EPSS 0.11%
Veröffentlicht 12.03.2015 14:59:02
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 24

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ubuntu ≫ Ubuntu Version12.04 Editionlts

Xen ≫ Xen Version3.3.0

Xen ≫ Xen Version3.3.1

Xen ≫ Xen Version3.3.2

Xen ≫ Xen Version3.4.0

Xen ≫ Xen Version3.4.1

Xen ≫ Xen Version3.4.2

Xen ≫ Xen Version3.4.3

Xen ≫ Xen Version3.4.4

Xen ≫ Xen Version4.0.0

Xen ≫ Xen Version4.0.1

Xen ≫ Xen Version4.0.2

Xen ≫ Xen Version4.0.3

Xen ≫ Xen Version4.0.4

Xen ≫ Xen Version4.1.0

Xen ≫ Xen Version4.1.1

Xen ≫ Xen Version4.1.2

Xen ≫ Xen Version4.1.3

Xen ≫ Xen Version4.1.4

Xen ≫ Xen Version4.1.5

Xen ≫ Xen Version4.1.6.1

Xen ≫ Xen Version4.2.0

Xen ≫ Xen Version4.2.1

Xen ≫ Xen Version4.2.2

Xen ≫ Xen Version4.2.3

Xen ≫ Xen Version4.3.0

Xen ≫ Xen Version4.3.1

Xen ≫ Xen Version4.4.0

Xen ≫ Xen Version4.4.0 Updaterc1

Xen ≫ Xen Version4.4.1 Update-

Xen ≫ Xen Version4.5.0

Linux ≫ Linux Kernel Version <= 3.19.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.299

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html

http://www.securitytracker.com/id/1031806

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html

http://www.debian.org/security/2015/dsa-3237

http://www.securityfocus.com/bid/73014

http://www.securitytracker.com/id/1031902

http://www.ubuntu.com/usn/USN-2631-1

http://www.ubuntu.com/usn/USN-2632-1

http://xenbits.xen.org/xsa/advisory-120.html

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1196266

https://github.com/torvalds/linux/commit/af6fc858a35b90e89ea7a7ee58e66628c55c776b

https://seclists.org/bugtraq/2019/Aug/18

https://nvd.nist.gov/vuln/detail/CVE-2015-2150

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-2150

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-2150

EUVD