CVE-2015-2150

Published: 12/03/2015 Updated: 07/11/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 437
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Xen 3.3.x up to and including 4.5.x and the Linux kernel up to and including 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Vulnerable Product

ubuntu ubuntu 12.04

xen xen 4.1.5

xen xen 4.2.2

xen xen 4.2.3

xen xen 3.4.0

xen xen 4.3.0

xen xen 4.0.4

xen xen 4.0.2

xen xen 3.3.2

xen xen 4.1.2

xen xen 3.4.4

xen xen 4.0.0

xen xen 4.4.0

xen xen 4.1.1

xen xen 4.2.0

xen xen 4.1.0

xen xen 3.4.3

xen xen 4.4.1

xen xen 4.1.3

xen xen 4.1.6.1

xen xen 3.3.1

xen xen 3.4.2

xen xen 4.1.4

xen xen 3.4.1

xen xen 4.3.1

xen xen 3.3.0

xen xen 4.2.1

xen xen 4.5.0

xen xen 4.0.1

xen xen 4.0.3

linux linux kernel

Vendor Advisories

Debian Bug report logs - #782561 Buffer overruns in Linux kernel RFC4106 implementation using AESNI (CVE-2015-3331) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: Romain Francoise <rfrancoise@debian.org> Date: Tue, 14 Apr 2015 08:57:02 UTC Severity: n ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2014-8159: It was found that the Linux kernel's InfiniBand/RDMA subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2015-8553: Jan Beulich discovered that CVE-2015-2150 was not completely addressed. If a PCI physical function is passed through to a Xen guest, the guest is able to access its memory and I ...
Several security issues were fixed in the kernel ...
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Un ...

References

CWE-264
http://xenbits.xen.org/xsa/advisory-120.html
https://github.com/torvalds/linux/commit/af6fc858a35b90e89ea7a7ee58e66628c55c776b
https://bugzilla.redhat.com/show_bug.cgi?id=1196266
http://www.securitytracker.com/id/1031902
http://www.securitytracker.com/id/1031806
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
http://www.debian.org/security/2015/dsa-3237
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html
http://www.ubuntu.com/usn/USN-2632-1
http://www.ubuntu.com/usn/USN-2631-1
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
http://www.securityfocus.com/bid/73014
https://seclists.org/bugtraq/2019/Aug/18
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782561
https://nvd.nist.gov
https://usn.ubuntu.com/2614-1/
https://access.redhat.com/security/cve/cve-2015-2150
https://www.debian.org/security/./dsa-3237