QEMU, as used in Xen 3.3.x up to and including 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
xen xen 4.4.0 |
||
xen xen 4.3.0 |
||
xen xen 4.5.0 |
||
xen xen 4.3.1 |
||
xen xen 4.3.2 |
||
xen xen 4.4.1 |
||
fedoraproject fedora 21 |
||
fedoraproject fedora 20 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 15.04 |
||
canonical ubuntu linux 14.10 |