{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-02T00:00:00", "descriptions": [{"lang": "en", "value": "Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-14T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-2630-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX206006"}, {"name": "DSA-3286", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3286"}, {"name": "SUSE-SU-2015:1156", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"}, {"name": "FEDORA-2015-9466", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"}, {"name": "DSA-3284", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3284"}, {"name": "1032456", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032456"}, {"name": "SUSE-SU-2015:1157", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX201145"}, {"name": "SUSE-SU-2015:1045", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"}, {"name": "74947", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74947"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-128.html"}, {"name": "GLSA-201604-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201604-03"}, {"name": "FEDORA-2015-9456", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"}, {"name": "SUSE-SU-2015:1042", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"}, {"name": "FEDORA-2015-9965", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4103", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2630-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"name": "https://support.citrix.com/article/CTX206006", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX206006"}, {"name": "DSA-3286", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3286"}, {"name": "SUSE-SU-2015:1156", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"}, {"name": "FEDORA-2015-9466", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"}, {"name": "DSA-3284", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3284"}, {"name": "1032456", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032456"}, {"name": "SUSE-SU-2015:1157", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"}, {"name": "http://support.citrix.com/article/CTX201145", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX201145"}, {"name": "SUSE-SU-2015:1045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"}, {"name": "74947", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74947"}, {"name": "http://xenbits.xen.org/xsa/advisory-128.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-128.html"}, {"name": "GLSA-201604-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-03"}, {"name": "FEDORA-2015-9456", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"}, {"name": "SUSE-SU-2015:1042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"}, {"name": "FEDORA-2015-9965", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:04:02.696Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2630-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.citrix.com/article/CTX206006"}, {"name": "DSA-3286", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3286"}, {"name": "SUSE-SU-2015:1156", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"}, {"name": "FEDORA-2015-9466", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"}, {"name": "DSA-3284", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3284"}, {"name": "1032456", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032456"}, {"name": "SUSE-SU-2015:1157", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX201145"}, {"name": "SUSE-SU-2015:1045", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"}, {"name": "74947", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74947"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-128.html"}, {"name": "GLSA-201604-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201604-03"}, {"name": "FEDORA-2015-9456", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"}, {"name": "SUSE-SU-2015:1042", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"}, {"name": "FEDORA-2015-9965", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-4103", "datePublished": "2015-06-03T20:00:00", "dateReserved": "2015-05-27T00:00:00", "dateUpdated": "2024-08-06T06:04:02.696Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB157D09-B91B-486A-A9F7-C9BA75AE8823", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA95119D-EAF1-48D4-AE7C-0C4927D06CDF", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "5D40E4E4-3FCB-4980-8DD2-49DDABCB398E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F7D1B7E-C30F-430F-832D-2A405DA1F2D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7C1D0AD-B804-474C-96A3-988BADA0DAD2", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1DCD1F05-9F96-40DD-B506-750E87306325", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "25B6AE42-E1EB-47A8-8FAF-7A93A67EC67F", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "60BADA43-94D5-4E80-B5C8-D01A0249F13E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC734D58-96E5-4DD2-8781-F8E0ADB96462", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "62CEC1BF-1922-410D-BCBA-C58199F574C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "923F2C2B-4A65-4823-B511-D0FEB7C7FAB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D532B60-C8DD-4A2F-9D05-E574D23EB754", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D83CA8B-8E49-45FA-8FAB-C15052474542", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "27537DF5-7E0F-463F-BA87-46E329EE07AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3EA4F978-9145-4FE6-B4F9-15207E52C40A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "22A995FD-9B7F-4DF0-BECF-4B086E470F1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "219597E2-E2D7-4647-8A7C-688B96300158", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "65E55950-EACA-4209-B2A1-E09026FC6006", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C76124AB-4E3D-4BE0-AAEA-7FC05868E2FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "F784EF07-DBEC-492A-A0F4-F9F7B2551A0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.1:-:*:*:*:*:*:*", "matchCriteriaId": "A40F356B-4F5F-485D-A53A-8CE4629D6931", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields."}, {"lang": "es", "value": "Xen 3.3.x hasta la versi\u00f3n 4.5.x no restringe correctamente el acceso a escritura al campo de datos del mensaje MSI del host, lo que permite a administradores invitados x86 HVM locales causar una denegaci\u00f3n de servicio (confusi\u00f3n en el manejo de interrupci\u00f3n de host) a trav\u00e9s de vectores relacionados con qemu y accediendo a m\u00faltiples campos de expansi\u00f3n."}], "id": "CVE-2015-4103", "lastModified": "2017-11-15T02:29:07.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-06-03T20:59:06.747", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"}, {"source": "cve@mitre.org", "url": "http://support.citrix.com/article/CTX201145"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3284"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3286"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/74947"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1032456"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-128.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201604-03"}, {"source": "cve@mitre.org", "url": "https://support.citrix.com/article/CTX206006"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Xen project for reporting this issue.", "bugzilla": {"description": "xen: potential unintended writes to host MSI message data field via qemu (xsa-128)", "id": "1223846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223846"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:N/I:N/A:C", "status": "draft"}, "details": ["Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields."], "name": "CVE-2015-4103", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-06-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-4103\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4103\nhttp://xenbits.xen.org/xsa/advisory-128.html"], "statement": "This issue does affect then Xen packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}