CVE-2015-4103

Xen 3.3.x-4.5.x - Denial of Service via MSI Message Data Field Write

Title source: llm
STIX 2.1

Description

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.

References (16)

Core 16
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2630-1
Vendor Advisory x_refsource_confirm
https://support.citrix.com/article/CTX206006
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3286
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3284
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032456
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX201145
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74947
Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-128.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201604-03
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html

Scores

EPSS 0.0012
EPSS Percentile 30.6%

Details

CWE
CWE-264
Status published
Products (30)
xen/xen 3.3.0
xen/xen 3.3.1
xen/xen 3.3.2
xen/xen 3.4.0
xen/xen 3.4.1
xen/xen 3.4.2
xen/xen 3.4.3
xen/xen 3.4.4
xen/xen 4.0.1
xen/xen 4.0.2
... and 20 more
Published Jun 03, 2015
Tracked Since Feb 18, 2026