fkie_cve-2015-4103
Vulnerability from fkie_nvd
Published
2015-06-03 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
cve@mitre.orghttp://support.citrix.com/article/CTX201145
cve@mitre.orghttp://www.debian.org/security/2015/dsa-3284
cve@mitre.orghttp://www.debian.org/security/2015/dsa-3286
cve@mitre.orghttp://www.securityfocus.com/bid/74947
cve@mitre.orghttp://www.securitytracker.com/id/1032456
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2630-1
cve@mitre.orghttp://xenbits.xen.org/xsa/advisory-128.htmlVendor Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201604-03
cve@mitre.orghttps://support.citrix.com/article/CTX206006
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
af854a3a-2127-422b-91ae-364da2661108http://support.citrix.com/article/CTX201145
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3284
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3286
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74947
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032456
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2630-1
af854a3a-2127-422b-91ae-364da2661108http://xenbits.xen.org/xsa/advisory-128.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201604-03
af854a3a-2127-422b-91ae-364da2661108https://support.citrix.com/article/CTX206006
Impacted products
Vendor Product Version
xen xen 3.3.0
xen xen 3.3.1
xen xen 3.3.2
xen xen 3.4.0
xen xen 3.4.1
xen xen 3.4.2
xen xen 3.4.3
xen xen 3.4.4
xen xen 4.0.1
xen xen 4.0.2
xen xen 4.0.3
xen xen 4.0.4
xen xen 4.1.0
xen xen 4.1.1
xen xen 4.1.2
xen xen 4.1.3
xen xen 4.1.4
xen xen 4.1.5
xen xen 4.1.6.1
xen xen 4.2.0
xen xen 4.2.1
xen xen 4.2.2
xen xen 4.2.3
xen xen 4.3.0
xen xen 4.3.1
xen xen 4.3.2
xen xen 4.3.4
xen xen 4.4.0
xen xen 4.4.1
xen xen 4.5.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB157D09-B91B-486A-A9F7-C9BA75AE8823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA95119D-EAF1-48D4-AE7C-0C4927D06CDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D40E4E4-3FCB-4980-8DD2-49DDABCB398E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7D1B7E-C30F-430F-832D-2A405DA1F2D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7C1D0AD-B804-474C-96A3-988BADA0DAD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DCD1F05-9F96-40DD-B506-750E87306325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "25B6AE42-E1EB-47A8-8FAF-7A93A67EC67F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BADA43-94D5-4E80-B5C8-D01A0249F13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC734D58-96E5-4DD2-8781-F8E0ADB96462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "62CEC1BF-1922-410D-BCBA-C58199F574C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "923F2C2B-4A65-4823-B511-D0FEB7C7FAB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D532B60-C8DD-4A2F-9D05-E574D23EB754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D83CA8B-8E49-45FA-8FAB-C15052474542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27537DF5-7E0F-463F-BA87-46E329EE07AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EA4F978-9145-4FE6-B4F9-15207E52C40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "22A995FD-9B7F-4DF0-BECF-4B086E470F1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "219597E2-E2D7-4647-8A7C-688B96300158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65E55950-EACA-4209-B2A1-E09026FC6006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C76124AB-4E3D-4BE0-AAEA-7FC05868E2FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F784EF07-DBEC-492A-A0F4-F9F7B2551A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.4.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "A40F356B-4F5F-485D-A53A-8CE4629D6931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields."
    },
    {
      "lang": "es",
      "value": "Xen 3.3.x hasta la versi\u00f3n 4.5.x no restringe correctamente el acceso a escritura al campo de datos del mensaje MSI del host, lo que permite a administradores invitados x86 HVM locales causar una denegaci\u00f3n de servicio (confusi\u00f3n en el manejo de interrupci\u00f3n de host) a trav\u00e9s de vectores relacionados con qemu y accediendo a m\u00faltiples campos de expansi\u00f3n."
    }
  ],
  "id": "CVE-2015-4103",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-03T20:59:06.747",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.citrix.com/article/CTX201145"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3284"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3286"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74947"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032456"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2630-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-128.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201604-03"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://support.citrix.com/article/CTX206006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.citrix.com/article/CTX201145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2630-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-128.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201604-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.citrix.com/article/CTX206006"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.