Unrated severityNVD Advisory· Published Jun 3, 2015· Updated May 6, 2026

CVE-2015-4106

Description

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

Affected products

QEMU/Qemu
cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
Range: <=2.3.1
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Fedoraproject/Fedora3 versions
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop2 versions
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server4 versions
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*+ 3 more
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Software Development Kit2 versions
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
Citrix Systems/Xenserver5 versions
cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:6.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:6.2.0:-:*:*:*:*:*:*
- cpe:2.3:a:citrix:xenserver:6.5:-:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.htmlnvdMailing ListThird Party Advisory
support.citrix.com/article/CTX201145nvdThird Party Advisory
www.debian.org/security/2015/dsa-3284nvdThird Party Advisory
www.debian.org/security/2015/dsa-3286nvdThird Party Advisory
www.securityfocus.com/bid/74949nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1032467nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2630-1nvdThird Party Advisory
xenbits.xen.org/xsa/advisory-131.htmlnvdThird Party Advisory
security.gentoo.org/glsa/201604-03nvdThird Party Advisory
support.citrix.com/article/CTX206006nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000