CVE-2015-2150

NONE EPSS 40.9%
Published Mar 12, 201511y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 12, 2015 11y ago
Last Modified Jun 17, 2026 2w ago

Description

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Threat Intelligence

EPSS Exploit Probability
40.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-264

Affected Products 32

VendorProductVersionRange
ubuntuubuntu12.04any
xenxen3.3.0any
xenxen3.3.1any
xenxen3.3.2any
xenxen3.4.0any
xenxen3.4.1any
xenxen3.4.2any
xenxen3.4.3any
xenxen3.4.4any
xenxen4.0.0any
xenxen4.0.1any
xenxen4.0.2any
xenxen4.0.3any
xenxen4.0.4any
xenxen4.1.0any
xenxen4.1.1any
xenxen4.1.2any
xenxen4.1.3any
xenxen4.1.4any
xenxen4.1.5any
xenxen4.1.6.1any
xenxen4.2.0any
xenxen4.2.1any
xenxen4.2.2any
xenxen4.2.3any
xenxen4.3.0any
xenxen4.3.1any
xenxen4.4.0any
xenxen4.4.0any
xenxen4.4.1any
xenxen4.5.0any
linuxlinux_kernel* ≤3.19.1

References 21

  • git.kernel.org http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
  • debian.org http://www.debian.org/security/2015/dsa-3237
  • oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
  • securityfocus.com http://www.securityfocus.com/bid/73014
  • securitytracker.com http://www.securitytracker.com/id/1031806
  • securitytracker.com http://www.securitytracker.com/id/1031902
  • ubuntu.com http://www.ubuntu.com/usn/USN-2631-1
  • ubuntu.com http://www.ubuntu.com/usn/USN-2632-1
  • www1.huawei.com http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
  • xenbits.xen.org http://xenbits.xen.org/xsa/advisory-120.html
    Vendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1196266
  • github.com https://github.com/torvalds/linux/commit/af6fc858a35b90e89ea7a7ee58e66628c55c776b
  • seclists.org https://seclists.org/bugtraq/2019/Aug/18

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.