Vulnerability Name:CVE-2015-4104

Assigned:2015-05-27
Published:2015-06-03
Updated:2017-11-14
Summary:Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
CVSS v3 Severity:7.5 High (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-264
References:Source: FEDORA
Type: UNKNOWN
FEDORA-2015-9466

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-9456

Source: FEDORA
Type: UNKNOWN
FEDORA-2015-9965

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1042

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1045

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1156

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:1157

Source: CONFIRM
Type: UNKNOWN
http://support.citrix.com/article/CTX201145

Source: DEBIAN
Type: UNKNOWN
DSA-3284

Source: DEBIAN
Type: UNKNOWN
DSA-3286

Source: BID
Type: UNKNOWN
74950

Source: SECTRACK
Type: UNKNOWN
1032464

Source: UBUNTU
Type: UNKNOWN
USN-2630-1

Source: CONFIRM
Type: VENDOR_ADVISORY
http://xenbits.xen.org/xsa/advisory-129.html

Source: XF
Type: UNKNOWN
xen-cve20154104-dos(103544)

Source: GENTOO
Type: UNKNOWN
GLSA-201604-03

Source: CONFIRM
Type: UNKNOWN
https://support.citrix.com/article/CTX206006

Vulnerable Configuration:Configuration 1:
  • cpe:/o:xen:xen:3.3.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:3.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:3.4.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:3.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:3.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:3.4.3:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:3.4.4:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.1.4:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.1.5:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.1.6.1:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.3.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.3.4:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.4.1:-:*:*:*:*:*:*
  • OR cpe:/o:xen:xen:4.5.0:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20154104 | V | CVE-2015-4104 | 2017-11-19
    oval:org.cisecurity:def:193 | P | DSA-3286-1 -- xen -- security update | 2016-02-08
    oval:org.cisecurity:def:231 | P | DSA-3284-1 -- qemu -- security update | 2016-02-08
    oval:com.ubuntu.precise:def:20154104000 | V | CVE-2015-4104 on Ubuntu 12.04 LTS (precise) - medium. | 2015-06-03
    oval:com.ubuntu.trusty:def:20154104000 | V | CVE-2015-4104 on Ubuntu 14.04 LTS (trusty) - medium. | 2015-06-03
    xen xen 3.3.0
    xen xen 3.3.1
    xen xen 3.3.2
    xen xen 3.4.0
    xen xen 3.4.1
    xen xen 3.4.2
    xen xen 3.4.3
    xen xen 3.4.4
    xen xen 4.0.0
    xen xen 4.0.1
    xen xen 4.0.2
    xen xen 4.0.3
    xen xen 4.0.4
    xen xen 4.1.0
    xen xen 4.1.1
    xen xen 4.1.2
    xen xen 4.1.3
    xen xen 4.1.4
    xen xen 4.1.5
    xen xen 4.1.6.1
    xen xen 4.2.0
    xen xen 4.2.1
    xen xen 4.2.2
    xen xen 4.2.3
    xen xen 4.3.0
    xen xen 4.3.1
    xen xen 4.3.2
    xen xen 4.3.4
    xen xen 4.4.0
    xen xen 4.4.1 -
    xen xen 4.5.0