CVE-2015-8104

Severity

47%

Complexity

34%

Confidentiality

115%

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

CVSS 2.0 Base Score 4.7. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C).

Overview

First reported 9 years ago

2015-11-16 11:59:00

Last updated 6 years ago

2019-02-13 20:52:00

Affected Software

Xen Xen 4.3.0

4.3.0

Xen 4.3.1

4.3.1

Xen Xen 4.3.2

4.3.2

Xen Xen 4.3.3

4.3.3

Xen 4.3.4

4.3.4

Xen Xen 4.4.0

4.4.0

Xen Xen 4.4.1

4.4.1

Xen Xen 4.4.2

4.4.2

Xen Xen 4.4.3

4.4.3

Xen Xen 4.5.0

4.5.0

Xen Xen 4.5.1

4.5.1

Xen Xen 4.5.2

4.5.2

Xen Xen 4.6.0

4.6.0

Xen Xen 4.6.1

4.6.1

Xen 4.6.2

4.6.2

Xen 4.6.4

4.6.4

Xen 4.6.5

4.6.5

Oracle Solaris 11.3

11.3

Linux Kernel

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

Debian Linux 9.0

9.0

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 15.04

15.04

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d

Issue Tracking, Patch, Vendor Advisory

FEDORA-2015-f150b2a8c8

Mailing List, Third Party Advisory

FEDORA-2015-668d213dc3

Mailing List, Third Party Advisory

FEDORA-2015-394835a3f6

Mailing List, Third Party Advisory

SUSE-SU-2015:2108

Mailing List, Third Party Advisory

SUSE-SU-2015:2194

Mailing List, Third Party Advisory

SUSE-SU-2015:2339

Mailing List, Third Party Advisory

SUSE-SU-2015:2350

Mailing List, Third Party Advisory

SUSE-SU-2016:0354

Mailing List, Third Party Advisory

openSUSE-SU-2016:1008

Mailing List, Third Party Advisory

SUSE-SU-2016:2074

Mailing List, Third Party Advisory

openSUSE-SU-2015:2232

Mailing List, Third Party Advisory

openSUSE-SU-2015:2250

Mailing List, Third Party Advisory

RHSA-2015:2636

Third Party Advisory

RHSA-2015:2645

Third Party Advisory

RHSA-2016:0046

Third Party Advisory

http://support.citrix.com/article/CTX202583

Third Party Advisory

http://support.citrix.com/article/CTX203879

Third Party Advisory

DSA-3414

Third Party Advisory

DSA-3426

Third Party Advisory

DSA-3454

Third Party Advisory

[oss-security] 20151110 CVE-2015-8104 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #DB exception

Mailing List, Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Patch, Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Patch, Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Third Party Advisory

77524

Third Party Advisory, VDB Entry

91787

Third Party Advisory, VDB Entry

1034105

Third Party Advisory, VDB Entry

USN-2840-1

Third Party Advisory

USN-2841-1

Third Party Advisory

USN-2841-2

Third Party Advisory

USN-2842-1

Third Party Advisory

USN-2842-2

Third Party Advisory

USN-2843-1

Third Party Advisory

USN-2843-2

Third Party Advisory

USN-2844-1

Third Party Advisory

http://xenbits.xen.org/xsa/advisory-156.html

Patch, Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1278496

Issue Tracking, Vendor Advisory

https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d

Issue Tracking, Patch, Vendor Advisory

https://kb.juniper.net/JSA10783

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.