Unrated severityNVD Advisory· Published Apr 1, 2015· Updated May 6, 2026
CVE-2015-2756
CVE-2015-2756
Description
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
Affected products
4- osv-coords4 versionspkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 4.4.2_02-15.1+ 3 more
- (no CPE)range: < 4.4.2_02-15.1
- (no CPE)range: < 4.4.2_02-15.1
- (no CPE)range: < 4.4.2_02-15.1
- (no CPE)range: < 4.4.2_02-15.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- xenbits.xen.org/xsa/advisory-126.htmlnvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-April/154574.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-April/154579.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-April/155198.htmlnvd
- lists.nongnu.org/archive/html/qemu-devel/2015-03/msg06179.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.htmlnvd
- support.citrix.com/article/CTX201145nvd
- www.debian.org/security/2015/dsa-3259nvd
- www.securityfocus.com/bid/72577nvd
- www.securitytracker.com/id/1031998nvd
- www.ubuntu.com/usn/USN-2608-1nvd
- security.gentoo.org/glsa/201504-04nvd
- support.citrix.com/article/CTX206006nvd
News mentions
0No linked articles in our index yet.