Lucene search

MitreCVE-2015-8104

HistoryNov 16, 2015 - 11:59 a.m.

CVE-2015-8104

2015-11-1611:59:12

CWE-399

mitre

web.nvd.nist.gov

135

cve-2015-8104

kvm

linux kernel

xen

denial of service

#db exception

svm.c

nvd

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

AI Score

5.3

Confidence

Low

EPSS

0.001

Percentile

42.0%

JSON

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

Affected configurations

Nvd

Node

xenxenMatch4.3.0

xenxenMatch4.3.1

xenxenMatch4.3.2

xenxenMatch4.3.3

xenxenMatch4.3.4

xenxenMatch4.4.0

xenxenMatch4.4.1

xenxenMatch4.4.2

xenxenMatch4.4.3

xenxenMatch4.5.0

xenxenMatch4.5.1

xenxenMatch4.5.2

xenxenMatch4.6.0

xenxenMatch4.6.1

xenxenMatch4.6.2

xenxenMatch4.6.4

xenxenMatch4.6.5

Node

oraclesolarisMatch11.3

Node

oraclevm_virtualboxRange4.0.0–4.0.34

oraclevm_virtualboxRange4.1.0–4.1.42

oraclevm_virtualboxRange4.2.0–4.2.34

oraclevm_virtualboxRange4.3.0–4.3.35

oraclevm_virtualboxRange5.0.0–5.0.13

Node

linuxlinux_kernelRange≤4.2.3

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

VendorProductVersionCPE
xenxen4.3.0cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
xenxen4.3.1cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
xenxen4.3.2cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*
xenxen4.3.3cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*
xenxen4.3.4cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*
xenxen4.4.0cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*
xenxen4.4.1cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*
xenxen4.4.2cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*
xenxen4.4.3cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*
xenxen4.5.0cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xen	xen	4.3.0	cpe:2.3:o:xen:xen:4.3.0:::::::*
xen	xen	4.3.1	cpe:2.3:o:xen:xen:4.3.1:::::::*
xen	xen	4.3.2	cpe:2.3:o:xen:xen:4.3.2:::::::*
xen	xen	4.3.3	cpe:2.3:o:xen:xen:4.3.3:::::::*
xen	xen	4.3.4	cpe:2.3:o:xen:xen:4.3.4:::::::*
xen	xen	4.4.0	cpe:2.3:o:xen:xen:4.4.0:::::::*
xen	xen	4.4.1	cpe:2.3:o:xen:xen:4.4.1:::::::*
xen	xen	4.4.2	cpe:2.3:o:xen:xen:4.4.2:::::::*
xen	xen	4.4.3	cpe:2.3:o:xen:xen:4.4.3:::::::*
xen	xen	4.5.0	cpe:2.3:o:xen:xen:4.5.0:::::::*

Rows per page:

1-10 of 261

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d

lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html

lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html

lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

lists.opensuse.org/opensuse-updates/2015-12/msg00039.html

lists.opensuse.org/opensuse-updates/2015-12/msg00053.html

rhn.redhat.com/errata/RHSA-2015-2636.html

rhn.redhat.com/errata/RHSA-2015-2645.html

rhn.redhat.com/errata/RHSA-2016-0046.html

support.citrix.com/article/CTX202583

support.citrix.com/article/CTX203879

www.debian.org/security/2015/dsa-3414

www.debian.org/security/2015/dsa-3426

www.debian.org/security/2016/dsa-3454

www.openwall.com/lists/oss-security/2015/11/10/5

www.openwall.com/lists/oss-security/2023/10/10/4

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/77524

www.securityfocus.com/bid/91787

www.securitytracker.com/id/1034105

www.ubuntu.com/usn/USN-2840-1

www.ubuntu.com/usn/USN-2841-1

www.ubuntu.com/usn/USN-2841-2

www.ubuntu.com/usn/USN-2842-1

www.ubuntu.com/usn/USN-2842-2

www.ubuntu.com/usn/USN-2843-1

www.ubuntu.com/usn/USN-2843-2

www.ubuntu.com/usn/USN-2844-1

xenbits.xen.org/xsa/advisory-156.html

bugzilla.redhat.com/show_bug.cgi?id=1278496

github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d

kb.juniper.net/JSA10783

CVSS2

4.7

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

AI Score

5.3

Confidence

Low

EPSS

0.001

Percentile

42.0%

JSON

Related for CVE-2015-8104