CVE-2015-8104

Severity: Critical · CVSS 3.1: 10.0 · EPSS 82.8%
Published Nov 16, 2015 · Last Modified Jun 17, 2026

Description

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

CVSS Details

Base Score 10.0
Exploitability 3.9
Impact 6.0
Vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability 82.8% percentile
Exploit & Patch Status No Known Exploit · Patch Available

Weaknesses 1

CWE-399

Affected Products 30

Vendor     Product        Version  Range
xen        xen            4.3.0    any
xen        xen            4.3.1    any
xen        xen            4.3.2    any
xen        xen            4.3.3    any
xen        xen            4.3.4    any
xen        xen            4.4.0    any
xen        xen            4.4.1    any
xen        xen            4.4.2    any
xen        xen            4.4.3    any
xen        xen            4.5.0    any
xen        xen            4.5.1    any
xen        xen            4.5.2    any
xen        xen            4.6.0    any
xen        xen            4.6.1    any
xen        xen            4.6.2    any
xen        xen            4.6.4    any
xen        xen            4.6.5    any
oracle     solaris        11.3     any
oracle     vm_virtualbox  *        ≥4.0.0 – ≤4.0.34
oracle     vm_virtualbox  *        ≥4.1.0 – ≤4.1.42
oracle     vm_virtualbox  *        ≥4.2.0 – ≤4.2.34
oracle     vm_virtualbox  *        ≥4.3.0 – ≤4.3.35
oracle     vm_virtualbox  *        ≥5.0.0 – ≤5.0.13
linux      linux_kernel   *        ≤4.2.3
debian     debian_linux   7.0      any
debian     debian_linux   8.0      any
debian     debian_linux   9.0      any
canonical  ubuntu_linux   12.04    any
canonical  ubuntu_linux   14.04    any
canonical  ubuntu_linux   15.04    any

References 43

  • git.kernel.org http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d
    Issue Tracking, Patch, Vendor Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html
    Mailing List, Third Party Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html
    Mailing List, Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-2636.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2015-2645.html
    Third Party Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2016-0046.html
    Third Party Advisory
  • support.citrix.com http://support.citrix.com/article/CTX202583
    Third Party Advisory
  • support.citrix.com http://support.citrix.com/article/CTX203879
    Third Party Advisory
  • debian.org http://www.debian.org/security/2015/dsa-3414
    Third Party Advisory
  • debian.org http://www.debian.org/security/2015/dsa-3426
    Third Party Advisory
  • debian.org http://www.debian.org/security/2016/dsa-3454
    Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2015/11/10/5
    Mailing List, Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2023/10/10/4
  • oracle.com http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
    Patch, Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
    Patch, Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
    Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
    Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
    Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/77524
    Third Party Advisory, VDB Entry
  • securityfocus.com http://www.securityfocus.com/bid/91787
    Third Party Advisory, VDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1034105
    Third Party Advisory, VDB Entry
  • ubuntu.com http://www.ubuntu.com/usn/USN-2840-1
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2841-1
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2841-2
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2842-1
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2842-2
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2843-1
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2843-2
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2844-1
    Third Party Advisory
  • xenbits.xen.org http://xenbits.xen.org/xsa/advisory-156.html
    Patch, Vendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1278496
    Issue Tracking, Vendor Advisory
  • github.com https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d
    Issue Tracking, Patch, Vendor Advisory
  • kb.juniper.net https://kb.juniper.net/JSA10783
    Third Party Advisory

Remediation

  • git.kernel.org http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d
    Issue Tracking, Patch, Vendor Advisory
  • oracle.com http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
    Patch, Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
    Patch, Third Party Advisory
  • xenbits.xen.org http://xenbits.xen.org/xsa/advisory-156.html
    Patch, Vendor Advisory
  • github.com https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d
    Issue Tracking, Patch, Vendor Advisory