Detections
Analytics
CVE-2015-2150
medium
Description
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
References
https://seclists.org/bugtraq/2019/Aug/18
https://github.com/torvalds/linux/commit/af6fc858a35b90e89ea7a7ee58e66628c55c776b
https://bugzilla.redhat.com/show_bug.cgi?id=1196266
http://xenbits.xen.org/xsa/advisory-120.html
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
http://www.ubuntu.com/usn/USN-2632-1
http://www.ubuntu.com/usn/USN-2631-1
http://www.securitytracker.com/id/1031902
http://www.securitytracker.com/id/1031806
http://www.securityfocus.com/bid/73014
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.debian.org/security/2015/dsa-3237
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html