Published: 14/04/2016 Updated: 04/11/2017

CVSS v2 Base Score: 5.7 | Impact Score: 8.5 | Exploitability Score: 3.1

CVSS v3 Base Score: 8.2 | Impact Score: 6 | Exploitability Score: 1.5

VMScore: 507

Vector: AV:L/AC:L/Au:S/C:P/I:P/A:C

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen -
novell suse linux enterprise real time extension 12

Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware CVE-2015-7295 Jason Wang of Red Hat Inc discovered that the Virtual Network Device support is vulnerable to denial-of-service, that could occur when receiving large packets CVE-2015-7504 Qinghao Tang of Qihoo 360 Inc and Ling Liu of ...

Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure The oldstable distribution (wheezy) will be updated in a separate DSA For the stable distribution (jessie), these problems have been fixed in version 441-9+deb8u4 For the unstable distribution (sid), thes ...

Several security issues were fixed in QEMU ...

Several security issues were fixed in the kernel ...

Debian Bug report logs - #812307 CVE-2016-1981: net: e1000 infinite loop in start_xmit and e1000_receive_iov routines Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 22 Jan 2016 06:00:02 UTC Sever ...

Debian Bug report logs - #808144 CVE-2015-8558: usb: infinite loop in ehci_advance_state results in DoS Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Wed, 16 Dec 2015 13:09:02 UTC Severity: important Tags: f ...

Debian Bug report logs - #809237 CVE-2015-8619: hmp: stack based OOB write in hmp_sendkey routine Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Mon, 28 Dec 2015 15:30:02 UTC Severity: important Tags: patch, ...

Debian Bug report logs - #808131 CVE-2015-7549: msi-x null-pointer dereference issue in qemu-system Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Wed, 16 Dec 2015 11:03:06 UTC Severity: important Tags: fixed ...

Debian Bug report logs - #810519 qemu: CVE-2015-8743: net: ne2000: OOB r/w in ioport operations Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 9 Jan 2016 13:30:01 UTC Severity: important Tags: s ...

Debian Bug report logs - #809232 CVE-2015-8613: scsi: stack based buffer overflow in megasas_ctrl_get_info Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Mon, 28 Dec 2015 15:12:01 UTC Severity: important Tags ...

Debian Bug report logs - #808130 CVE-2015-8504: vnc floating point exception Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Wed, 16 Dec 2015 11:03:02 UTC Severity: serious Tags: fixed-upstream, patch, securit ...

Debian Bug report logs - #808293 Regression in short UDP reads caused by "net: Fix skb csum races when peeking" Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Affects: freeradius Reported by: Francesco Politi <fpoliti@micsoit> Date: Fri, 18 Dec 2015 12:09:01 UTC ...

Debian Bug report logs - #806741 qemu: CVE-2015-7512: net: pcnet: buffer overflow in non-loopback mode Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 30 Nov 2015 18:03:02 UTC Severity: important ...

Debian Bug report logs - #823620 Multiple security issues Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 6 May 2016 18:03:02 UTC Severity: grave Tags: security Fixed in versions xen/480~rc3-1, xen/48 ...

Debian Bug report logs - #811201 qemu: CVE-2016-1922: i386: null pointer dereference in vapic_write() Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 16 Jan 2016 18:54:02 UTC Severity: important T ...

Debian Bug report logs - #806742 qemu: CVE-2015-7504: net: pcnet: heap overflow vulnerability in pcnet_receive Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 30 Nov 2015 18:06:01 UTC Severity: im ...

Debian Bug report logs - #806373 qemu: CVE-2015-8345: net: eepro100: infinite loop in processing command block list Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 26 Nov 2015 18:18:02 UTC Severity: im ...

Debian Bug report logs - #809229 CVE-2015-8550: xen: unsafe access to shared memory Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Mon, 28 Dec 2015 14:48:02 UTC Severity: important Tags: fixed-upstream, patch ...

Debian Bug report logs - #808145 CVE-2015-8567 CVE-2015-8568: qemu-system: net: vmxnet3: host memory leakage Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Michael Tokarev <mjt@tlsmskru> Date: Wed, 16 Dec 2015 13:18:02 UTC Severity: important Ta ...

Debian Bug report logs - #810527 qemu: CVE-2016-1568: ide: ahci use-after-free vulnerability in aio port commands Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 9 Jan 2016 14:51:01 UTC Severity: ...

No sane compiler would optimize atomics: the presentation

No Sane Compiler Would Optimize Atomics Abstract False Compilers do optimize atomics, memory accesses around atomics, and utilize architecture-specific knowledge My hobby is to encourage compilers to do more of this, programmers to rely on it, and hardware vendors to give us new atomic toys to optimize with Oh, and standardize yet more close-to-the-metal concurrency and para

CWE-284 http://www.securityfocus.com/bid/79592 http://www.securitytracker.com/id/1034479 http://xenbits.xen.org/xsa/advisory-155.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html http://www.debian.org/security/2016/dsa-3519 https://security.gentoo.org/glsa/201604-03 http://www.debian.org/security/2016/dsa-3471 http://www.debian.org/security/2016/dsa-3434 https://nvd.nist.gov https://github.com/jfbastien/no-sane-compiler https://www.debian.org/security/./dsa-3471 https://access.redhat.com/security/cve/cve-2015-8550 https://usn.ubuntu.com/2891-1/

Get Started

CVE-2015-8550

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect