Medium severity6.0NVD Advisory· Published Apr 13, 2016· Updated May 6, 2026

CVE-2015-8551

Description

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks."

Affected products

Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=3.1,<=3.1.10
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Desktop2 versions
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Real Time Extension2 versions
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server3 versions
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Software Development Kit2 versions
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Workstation Extension
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlnvdMailing ListThird Party Advisory
www.debian.org/security/2016/dsa-3434nvdThird Party Advisory
www.securityfocus.com/bid/79546nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1034480nvdThird Party AdvisoryVDB Entry
xenbits.xen.org/xsa/advisory-157.htmlnvdVendor Advisory
security.gentoo.org/glsa/201604-03nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.390
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000