CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
32.6%
Xen PCI backend driver does not perform proper sanity checks on the device’s state.
Which in turn allows the generic MSI code (called by Xen PCI backend) to be called incorrectly leading to hitting BUG conditions or causing NULL pointer exceptions in the MSI code. (CVE-2015-8551)
To exploit this the guest can craft specific sequence of XEN_PCI_OP_* operations which will trigger this.
Furthermore the frontend can also craft an continous stream of XEN_PCI_OP_enable_msi which will trigger an continous stream of WARN() messages triggered by the MSI code leading to the logging in the initial domain to exhaust disk space. (CVE-2015-8552)
Lastly there is also missing check to verify whether the device has memory decoding enabled set at the start of the day leading the initial domain "accesses to the respective MMIO or I/O port ranges would
Malicious guest administrators can cause denial of service. If driver domains are not in use, the impact is a host crash.
Only x86 systems are vulnerable. ARM systems are not vulnerable.
This bug affects systems using Linux as the driver domain, including non-disaggregated systems using Linux as dom0.
Linux versions v3.1 and onwards are vulnerable due to supporting PCI pass-through backend driver.
PV and HVM guests which have been granted access to physical PCI devices (`PCI passthrough’) can take advantage of this vulnerability.
Furthermore, the vulnerability is only applicable when the passed-through PCI devices are MSI-capable or MSI-X. (Most modern devices are).
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
32.6%