CVE-2015-2150

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=af6fc858a35b90e89ea7a7ee58e66628c55c776b

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html

http://www.debian.org/security/2015/dsa-3237

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.securityfocus.com/bid/73014

http://www.securitytracker.com/id/1031806

http://www.securitytracker.com/id/1031902

http://www.ubuntu.com/usn/USN-2631-1

http://www.ubuntu.com/usn/USN-2632-1

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm

http://xenbits.xen.org/xsa/advisory-120.html

https://bugzilla.redhat.com/show_bug.cgi?id=1196266

https://github.com/torvalds/linux/commit/af6fc858a35b90e89ea7a7ee58e66628c55c776b

https://seclists.org/bugtraq/2019/Aug/18

Details

Source: MITRE

Published: 2015-03-12

Updated: 2018-10-30

Type: CWE-264

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
124811EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1487)NessusHuawei Local Security Checks
high
124808EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1484)NessusHuawei Local Security Checks
critical
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
90019OracleVM 3.2 : kernel-uek (OVMSA-2016-0037)NessusOracleVM Local Security Checks
critical
88545openSUSE Security Update : the Linux Kernel (openSUSE-2016-124)NessusSuSE Local Security Checks
high
86290SUSE SLED11 / SLES11 Security Update : kernel-source (SUSE-SU-2015:1678-1)NessusSuSE Local Security Checks
high
86121SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1611-1)NessusSuSE Local Security Checks
high
85764SUSE SLES11 Security Update : kernel (SUSE-SU-2015:1478-1)NessusSuSE Local Security Checks
medium
85188OracleVM 3.3 : kernel-uek (OVMSA-2015-0109)NessusOracleVM Local Security Checks
critical
85177Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3064)NessusOracle Linux Local Security Checks
medium
84545SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1174-1)NessusSuSE Local Security Checks
medium
84119Ubuntu 12.04 LTS : linux vulnerabilities (USN-2631-1)NessusUbuntu Local Security Checks
high
83760Ubuntu 14.04 LTS : linux vulnerabilities (USN-2614-1)NessusUbuntu Local Security Checks
high
83759Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2613-1)NessusUbuntu Local Security Checks
high
83709SUSE SLED12 / SLES12 Security Update : Security Update for Linux Kernel (SUSE-SU-2015:0658-1)NessusSuSE Local Security Checks
medium
83485OracleVM 3.3 : kernel-uek (OVMSA-2015-0060)NessusOracleVM Local Security Checks
medium
83449Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)NessusOracle Linux Local Security Checks
critical
83448Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3035)NessusOracle Linux Local Security Checks
medium
83181Ubuntu 14.10 : linux vulnerabilities (USN-2590-1)NessusUbuntu Local Security Checks
medium
83180Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2589-1)NessusUbuntu Local Security Checks
medium
83065Debian DSA-3237-1 : linux - security updateNessusDebian Local Security Checks
high
83040Fedora 22 : kernel-4.0.0-1.fc22 (2015-6100)NessusFedora Local Security Checks
medium
83020Fedora 21 : kernel-3.19.4-200.fc21 (2015-6320)NessusFedora Local Security Checks
medium
83019Fedora 20 : kernel-3.19.4-100.fc20 (2015-6294)NessusFedora Local Security Checks
medium
82756openSUSE Security Update : Linux Kernel (openSUSE-2015-302)NessusSuSE Local Security Checks
critical
82691OracleVM 3.3 : kernel-uek (OVMSA-2015-0040)NessusOracleVM Local Security Checks
high
82630Fedora 20 : kernel-3.19.3-100.fc20 (2015-5024)NessusFedora Local Security Checks
medium
82518Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3019)NessusOracle Linux Local Security Checks
critical
82490Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3020)NessusOracle Linux Local Security Checks
critical
82056Fedora 22 : kernel-4.0.0-0.rc4.git0.1.fc22 (2015-4066)NessusFedora Local Security Checks
medium
81991Fedora 21 : kernel-3.19.1-201.fc21 (2015-4059)NessusFedora Local Security Checks
medium