CVE-2015-2150
NONE EPSS 40.9%
Published Mar 12, 201511y ago · Modified Jun 17, 20262w ago
Published Mar 12, 2015 11y ago
Last Modified Jun 17, 2026 2w ago
Description
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
Threat Intelligence
EPSS Exploit Probability
40.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-264
Affected Products 32
| Vendor | Product | Version | Range |
|---|---|---|---|
| ubuntu | ubuntu | 12.04 | any |
| xen | xen | 3.3.0 | any |
| xen | xen | 3.3.1 | any |
| xen | xen | 3.3.2 | any |
| xen | xen | 3.4.0 | any |
| xen | xen | 3.4.1 | any |
| xen | xen | 3.4.2 | any |
| xen | xen | 3.4.3 | any |
| xen | xen | 3.4.4 | any |
| xen | xen | 4.0.0 | any |
| xen | xen | 4.0.1 | any |
| xen | xen | 4.0.2 | any |
| xen | xen | 4.0.3 | any |
| xen | xen | 4.0.4 | any |
| xen | xen | 4.1.0 | any |
| xen | xen | 4.1.1 | any |
| xen | xen | 4.1.2 | any |
| xen | xen | 4.1.3 | any |
| xen | xen | 4.1.4 | any |
| xen | xen | 4.1.5 | any |
| xen | xen | 4.1.6.1 | any |
| xen | xen | 4.2.0 | any |
| xen | xen | 4.2.1 | any |
| xen | xen | 4.2.2 | any |
| xen | xen | 4.2.3 | any |
| xen | xen | 4.3.0 | any |
| xen | xen | 4.3.1 | any |
| xen | xen | 4.4.0 | any |
| xen | xen | 4.4.0 | any |
| xen | xen | 4.4.1 | any |
| xen | xen | 4.5.0 | any |
| linux | linux_kernel | * | ≤3.19.1 |
References 21
- git.kernel.org http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
- debian.org http://www.debian.org/security/2015/dsa-3237
- oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- securityfocus.com http://www.securityfocus.com/bid/73014
- securitytracker.com http://www.securitytracker.com/id/1031806
- securitytracker.com http://www.securitytracker.com/id/1031902
- ubuntu.com http://www.ubuntu.com/usn/USN-2631-1
- ubuntu.com http://www.ubuntu.com/usn/USN-2632-1
- www1.huawei.com http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
- xenbits.xen.org http://xenbits.xen.org/xsa/advisory-120.html
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1196266
- github.com https://github.com/torvalds/linux/commit/af6fc858a35b90e89ea7a7ee58e66628c55c776b
- seclists.org https://seclists.org/bugtraq/2019/Aug/18
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.