CVE-2015-4106 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Citrix	Xenserver
Debian	Debian Linux
Fedoraproject	Fedora
Qemu	Qemu
Suse	Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html
http://support.citrix.com/article/CTX201145
http://www.debian.org/security/2015/dsa-3284
http://www.debian.org/security/2015/dsa-3286
http://www.securityfocus.com/bid/74949
http://www.securitytracker.com/id/1032467
http://www.ubuntu.com/usn/USN-2630-1
http://xenbits.xen.org/xsa/advisory-131.html
https://nvd.nist.gov/vuln/detail/CVE-2015-4106
https://security.gentoo.org/glsa/201604-03
https://support.citrix.com/article/CTX206006
https://www.cve.org/CVERecord?id=CVE-2015-4106

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-02T00:00:00", "descriptions": [{"lang": "en", "value": "QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-14T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-2630-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX206006"}, {"name": "DSA-3286", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3286"}, {"name": "SUSE-SU-2015:1156", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"}, {"name": "FEDORA-2015-9466", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"}, {"name": "DSA-3284", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3284"}, {"name": "74949", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74949"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-131.html"}, {"name": "SUSE-SU-2015:1157", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.citrix.com/article/CTX201145"}, {"name": "SUSE-SU-2015:1045", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"}, {"name": "GLSA-201604-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201604-03"}, {"name": "1032467", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032467"}, {"name": "FEDORA-2015-9456", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"}, {"name": "SUSE-SU-2015:1042", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"}, {"name": "FEDORA-2015-9965", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4106", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2630-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"name": "https://support.citrix.com/article/CTX206006", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX206006"}, {"name": "DSA-3286", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3286"}, {"name": "SUSE-SU-2015:1156", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"}, {"name": "FEDORA-2015-9466", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"}, {"name": "DSA-3284", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3284"}, {"name": "74949", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74949"}, {"name": "http://xenbits.xen.org/xsa/advisory-131.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-131.html"}, {"name": "SUSE-SU-2015:1157", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"}, {"name": "http://support.citrix.com/article/CTX201145", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX201145"}, {"name": "SUSE-SU-2015:1045", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"}, {"name": "GLSA-201604-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-03"}, {"name": "1032467", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032467"}, {"name": "FEDORA-2015-9456", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"}, {"name": "SUSE-SU-2015:1042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"}, {"name": "FEDORA-2015-9965", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:04:02.899Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2630-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.citrix.com/article/CTX206006"}, {"name": "DSA-3286", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3286"}, {"name": "SUSE-SU-2015:1156", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"}, {"name": "FEDORA-2015-9466", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"}, {"name": "DSA-3284", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3284"}, {"name": "74949", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74949"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-131.html"}, {"name": "SUSE-SU-2015:1157", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.citrix.com/article/CTX201145"}, {"name": "SUSE-SU-2015:1045", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"}, {"name": "GLSA-201604-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201604-03"}, {"name": "1032467", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032467"}, {"name": "FEDORA-2015-9456", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"}, {"name": "SUSE-SU-2015:1042", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"}, {"name": "FEDORA-2015-9965", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-4106", "datePublished": "2015-06-03T20:00:00", "dateReserved": "2015-05-27T00:00:00", "dateUpdated": "2024-08-06T06:04:02.899Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-06-02T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-11-14T10:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : USN-2630-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2630-1 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.citrix.com/article/CTX206006 (string)

}

2 : { »

name : DSA-3286 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3286 (string)

}

3 : { »

name : SUSE-SU-2015:1156 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html (string)

}

4 : { »

name : FEDORA-2015-9466 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html (string)

}

5 : { »

name : DSA-3284 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3284 (string)

}

6 : { »

name : 74949 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/74949 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://xenbits.xen.org/xsa/advisory-131.html (string)

}

8 : { »

name : SUSE-SU-2015:1157 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html (string)

}

9 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://support.citrix.com/article/CTX201145 (string)

}

10 : { »

name : SUSE-SU-2015:1045 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html (string)

}

11 : { »

name : GLSA-201604-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201604-03 (string)

}

12 : { »

name : 1032467 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1032467 (string)

}

13 : { »

name : FEDORA-2015-9456 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html (string)

}

14 : { »

name : SUSE-SU-2015:1042 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html (string)

}

15 : { »

name : FEDORA-2015-9965 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2015-4106 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : USN-2630-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2630-1 (string)

}

1 : { »

name : https://support.citrix.com/article/CTX206006 (string)

refsource : CONFIRM (string)

url : https://support.citrix.com/article/CTX206006 (string)

}

2 : { »

name : DSA-3286 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3286 (string)

}

3 : { »

name : SUSE-SU-2015:1156 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html (string)

}

4 : { »

name : FEDORA-2015-9466 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html (string)

}

5 : { »

name : DSA-3284 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3284 (string)

}

6 : { »

name : 74949 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/74949 (string)

}

7 : { »

name : http://xenbits.xen.org/xsa/advisory-131.html (string)

refsource : CONFIRM (string)

url : http://xenbits.xen.org/xsa/advisory-131.html (string)

}

8 : { »

name : SUSE-SU-2015:1157 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html (string)

}

9 : { »

name : http://support.citrix.com/article/CTX201145 (string)

refsource : CONFIRM (string)

url : http://support.citrix.com/article/CTX201145 (string)

}

10 : { »

name : SUSE-SU-2015:1045 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html (string)

}

11 : { »

name : GLSA-201604-03 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201604-03 (string)

}

12 : { »

name : 1032467 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1032467 (string)

}

13 : { »

name : FEDORA-2015-9456 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html (string)

}

14 : { »

name : SUSE-SU-2015:1042 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html (string)

}

15 : { »

name : FEDORA-2015-9965 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T06:04:02.899Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : USN-2630-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2630-1 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.citrix.com/article/CTX206006 (string)

}

2 : { »

name : DSA-3286 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3286 (string)

}

3 : { »

name : SUSE-SU-2015:1156 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html (string)

}

4 : { »

name : FEDORA-2015-9466 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html (string)

}

5 : { »

name : DSA-3284 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3284 (string)

}

6 : { »

name : 74949 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/74949 (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://xenbits.xen.org/xsa/advisory-131.html (string)

}

8 : { »

name : SUSE-SU-2015:1157 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html (string)

}

9 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://support.citrix.com/article/CTX201145 (string)

}

10 : { »

name : SUSE-SU-2015:1045 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html (string)

}

11 : { »

name : GLSA-201604-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201604-03 (string)

}

12 : { »

name : 1032467 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1032467 (string)

}

13 : { »

name : FEDORA-2015-9456 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html (string)

}

14 : { »

name : SUSE-SU-2015:1042 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html (string)

}

15 : { »

name : FEDORA-2015-9965 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2015-4106 (string)

datePublished : 2015-06-03T20:00:00 (string)

dateReserved : 2015-05-27T00:00:00 (string)

dateUpdated : 2024-08-06T06:04:02.899Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "19E6775C-BA58-4D7E-96AB-9283C99D9641", "versionEndIncluding": "2.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*", "matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*", "matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*", "matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C1D10B8-202D-44A4-A872-88D7C11488D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5FCF191B-971A-4945-AB14-08091689BE2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "66AF3F78-AA0C-473E-8B90-AC77B4CF3667", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "F31DB577-72CD-49CC-8AF5-23098503939E", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xenserver:6.5:-:*:*:*:*:*:*", "matchCriteriaId": "3CC06F6C-6C15-444F-B159-235D347E5929", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors."}, {"lang": "es", "value": "QEMU no restringe correctamente el acceso a escritura al espacio PCI config para ciertos dispositivos PCI pass-through, lo que podr\u00eda permitir a invitados x86 HVM locales obtener privilegios, causar una denegaci\u00f3n de servicio (ca\u00edda de host), obtener informaci\u00f3n sensible o posiblemente tener otro impacto no especificado a trav\u00e9s de vectores desconocidos."}], "id": "CVE-2015-4106", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-06-03T20:59:09.573", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.citrix.com/article/CTX201145"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3284"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3286"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74949"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032467"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-131.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201604-03"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.citrix.com/article/CTX206006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.citrix.com/article/CTX201145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3284"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3286"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74949"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032467"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2630-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-131.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201604-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.citrix.com/article/CTX206006"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 19E6775C-BA58-4D7E-96AB-9283C99D9641 (string)

versionEndIncluding : 2.3.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 16F59A04-14CF-49E2-9973-645477EA09DA (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* (string)

matchCriteriaId : FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* (string)

matchCriteriaId : 56BDB5A0-0839-4A20-A003-B8CD56F48171 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* (string)

matchCriteriaId : 253C303A-E577-4488-93E6-68A8DD942C38 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:* (string)

matchCriteriaId : 3ED68ADD-BBDA-4485-BC76-58F011D72311 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:* (string)

matchCriteriaId : D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:* (string)

matchCriteriaId : 67960FB9-13D1-4DEE-8158-31BF31BCBE6F (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:* (string)

matchCriteriaId : CB6476C7-03F2-4939-AB85-69AA524516D9 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:* (string)

matchCriteriaId : E534C201-BCC5-473C-AAA7-AAB97CEB5437 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:* (string)

matchCriteriaId : 15FC9014-BD85-4382-9D04-C0703E901D7A (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:* (string)

matchCriteriaId : 2F7F8866-DEAD-44D1-AB10-21EE611AA026 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:* (string)

matchCriteriaId : 1831D45A-EE6E-4220-8F8C-248B69520948 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:citrix:xenserver:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9C1D10B8-202D-44A4-A872-88D7C11488D1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 5FCF191B-971A-4945-AB14-08091689BE2F (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:citrix:xenserver:6.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 66AF3F78-AA0C-473E-8B90-AC77B4CF3667 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:citrix:xenserver:6.2.0:-:*:*:*:*:*:* (string)

matchCriteriaId : F31DB577-72CD-49CC-8AF5-23098503939E (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:citrix:xenserver:6.5:-:*:*:*:*:*:* (string)

matchCriteriaId : 3CC06F6C-6C15-444F-B159-235D347E5929 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* (string)

matchCriteriaId : 8D305F7A-D159-4716-AB26-5E38BB5CD991 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* (string)

matchCriteriaId : 815D70A8-47D3-459C-A32C-9FEACA0659D1 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 49A63F39-30BE-443F-AF10-6245587D3359 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* (string)

matchCriteriaId : F38D3B7E-8429-473F-BB31-FC3583EE5A5B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. (string)

}

1 : { »

lang : es (string)

value : QEMU no restringe correctamente el acceso a escritura al espacio PCI config para ciertos dispositivos PCI pass-through, lo que podría permitir a invitados x86 HVM locales obtener privilegios, causar una denegación de servicio (caída de host), obtener información sensible o posiblemente tener otro impacto no especificado a través de vectores desconocidos. (string)

}

]

id : CVE-2015-4106 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-06-03T20:59:09.573 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://support.citrix.com/article/CTX201145 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3284 (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3286 (string)

}

10 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/74949 (string)

}

11 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1032467 (string)

}

12 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2630-1 (string)

}

13 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://xenbits.xen.org/xsa/advisory-131.html (string)

}

14 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201604-03 (string)

}

15 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://support.citrix.com/article/CTX206006 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160154.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160171.html (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160685.html (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00004.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00007.html (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00029.html (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00030.html (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://support.citrix.com/article/CTX201145 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3284 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3286 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/74949 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1032467 (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2630-1 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://xenbits.xen.org/xsa/advisory-131.html (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201604-03 (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://support.citrix.com/article/CTX206006 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-863 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank Xen project for reporting this issue.", "bugzilla": {"description": "xen: unmediated PCI register access in qemu (xsa-131)", "id": "1223859", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1223859"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "details": ["QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors."], "name": "CVE-2015-4106", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-06-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-4106\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4106\nhttp://xenbits.xen.org/xsa/advisory-131.html"], "statement": "This issue does affect then Xen packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}

{

acknowledgement : Red Hat would like to thank Xen project for reporting this issue. (string)

bugzilla : { »

description : xen: unmediated PCI register access in qemu (xsa-131) (string)

id : 1223859 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1223859 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 4.3 (string)

cvss_scoring_vector : AV:A/AC:H/Au:N/C:P/I:P/A:P (string)

status : draft (string)

}

details : [ »

0 : QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. (string)

]

name : CVE-2015-4106 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Affected (string)

package_name : xen (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

]

public_date : 2015-06-02T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-4106 https://nvd.nist.gov/vuln/detail/CVE-2015-4106 http://xenbits.xen.org/xsa/advisory-131.html (string)

]

statement : This issue does affect then Xen packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. (string)

threat_severity : Moderate (string)

}

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object