CVE-2015-2756

Loading...

General

Score:4.9/10.0
Severity:Low
Category:Access Control Error

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Complete

Exploitability Metrics

Access Vector:Local
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2014-9718, CVE-2015-1779, CVE-2015-2044, CVE-2015-2045, CVE-2015-2151, CVE-2015-2751, CVE-2015-2752, CVE-2015-3456, CVE-2015-5165, CVE-2015-5307, CVE-2015-7969, CVE-2015-7970, CVE-2015-7971, CVE-2015-7972, CVE-2015-8104, CVE-2015-8339, CVE-2015-8340, CVE-2015-8550, CVE-2015-8554, CVE-2015-8555, CVE-2015-8615, CVE-2016-1570, CVE-2016-1571, CVE-2016-2270, CVE-2016-2271

Published on 01/04/15 - Updated on 30/10/18

Description

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Category: Access Control Error

CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Security Notices

US National Vulnerability DatabaseCVE-2015-2756
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-130, CERTFR-2015-AVI-255
Debian DSA-3259-1
Debian LTSDLA-479-1
Renater 2015/VULN030
SUSE SUSE-SU-2015:0701, SUSE-SU-2015:0745, SUSE-SU-2015:0746, SUSE-SU-2015:0747
Ubuntu USN-2608-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
canonicalubuntu_linux
debiandebian_linux
fedoraprojectfedora
xenxen

Share this vulnerability with:

Twitter Facebook LinkedIn Mail