4.9

CVE-2015-2150

EPSS 0.11%
Published 12.03.2015 14:59:02
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Affected products Warnungen 0 Metrics 2 CWE 0 References 24

Data is provided by the National Vulnerability Database (NVD)

Ubuntu ≫ Ubuntu Version12.04 Editionlts

Xen ≫ Xen Version3.3.0

Xen ≫ Xen Version3.3.1

Xen ≫ Xen Version3.3.2

Xen ≫ Xen Version3.4.0

Xen ≫ Xen Version3.4.1

Xen ≫ Xen Version3.4.2

Xen ≫ Xen Version3.4.3

Xen ≫ Xen Version3.4.4

Xen ≫ Xen Version4.0.0

Xen ≫ Xen Version4.0.1

Xen ≫ Xen Version4.0.2

Xen ≫ Xen Version4.0.3

Xen ≫ Xen Version4.0.4

Xen ≫ Xen Version4.1.0

Xen ≫ Xen Version4.1.1

Xen ≫ Xen Version4.1.2

Xen ≫ Xen Version4.1.3

Xen ≫ Xen Version4.1.4

Xen ≫ Xen Version4.1.5

Xen ≫ Xen Version4.1.6.1

Xen ≫ Xen Version4.2.0

Xen ≫ Xen Version4.2.1

Xen ≫ Xen Version4.2.2

Xen ≫ Xen Version4.2.3

Xen ≫ Xen Version4.3.0

Xen ≫ Xen Version4.3.1

Xen ≫ Xen Version4.4.0

Xen ≫ Xen Version4.4.0 Updaterc1

Xen ≫ Xen Version4.4.1 Update-

Xen ≫ Xen Version4.5.0

Linux ≫ Linux Kernel Version <= 3.19.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.11%	0.299

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html

http://www.securitytracker.com/id/1031806

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html

http://www.debian.org/security/2015/dsa-3237

http://www.securityfocus.com/bid/73014

http://www.securitytracker.com/id/1031902

http://www.ubuntu.com/usn/USN-2631-1

http://www.ubuntu.com/usn/USN-2632-1

http://xenbits.xen.org/xsa/advisory-120.html

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1196266

https://github.com/torvalds/linux/commit/af6fc858a35b90e89ea7a7ee58e66628c55c776b

https://seclists.org/bugtraq/2019/Aug/18

https://nvd.nist.gov/vuln/detail/CVE-2015-2150

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-2150

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-2150

EUVD