Published: 14/04/2016 Updated: 01/07/2017

CVSS v2 Base Score: 6.6 | Impact Score: 10 | Exploitability Score: 2.7

CVSS v3 Base Score: 7.5 | Impact Score: 6 | Exploitability Score: 0.8

VMScore: 587

Vector: AV:L/AC:M/Au:S/C:C/I:C/A:C

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and previous versions, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path."

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen

Buffer overflow in hw/pt-msic in Xen 46x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path" ...

CWE-119 http://www.securitytracker.com/id/1034481 http://support.citrix.com/article/CTX203879 http://xenbits.xen.org/xsa/advisory-164.html http://www.securityfocus.com/bid/79579 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html https://security.gentoo.org/glsa/201604-03 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-8554

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-8554

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect