CVE-2015-2150

CVE Details

Release Date:	2015-03-10
Impact:	Moderate	What is this?

Description

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do notproperly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

See more information about CVE-2015-2150 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v2 metrics

Base Score:	5.2
Vector String:	AV:A/AC:M/Au:S/C:N/I:N/A:C
Version:	2.0
Attack Vector:	Adjacent Network
Attack Complexity:	Medium
Authentication:	Single
Confidentiality Impact:	None
Integrity Impact:	None
Availability Impact:	Complete

Errata information

Platform	Errata	Release Date
Oracle Linux version 5 (kernel-uek)	ELSA-2015-3020	2015-03-31
Oracle Linux version 5 (kernel-uek)	ELSA-2015-3036	2015-05-13
Oracle Linux version 6 (dtrace-modules-3.8.13-68.1.2.el6uek)	ELSA-2015-3019	2015-03-31
Oracle Linux version 6 (dtrace-modules-3.8.13-68.2.2.el6uek)	ELSA-2015-3035	2015-05-13
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3019	2015-03-31
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3020	2015-03-31
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3035	2015-05-13
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3036	2015-05-13
Oracle Linux version 7 (dtrace-modules-3.8.13-68.1.2.el7uek)	ELSA-2015-3019	2015-03-31
Oracle Linux version 7 (dtrace-modules-3.8.13-68.2.2.el7uek)	ELSA-2015-3035	2015-05-13
Oracle Linux version 7 (kernel-uek)	ELSA-2015-3019	2015-03-31
Oracle Linux version 7 (kernel-uek)	ELSA-2015-3035	2015-05-13
Oracle VM version 3.2 (kernel-uek)	OVMSA-2016-0037	2016-03-16
Oracle VM version 3.3 (kernel-uek)	OVMSA-2015-0040	2015-04-06
Oracle VM version 3.3 (kernel-uek)	OVMSA-2015-0060	2015-05-14