CVE-2015-8550 - OpenCVE

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:L/AC:L/Au:S/C:P/I:P/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Xen	Xen
Novell	Suse Linux Enterprise Real Time Extension

Configuration 1 [-]

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	Third Party Advisory
http://www.debian.org/security/2016/dsa-3434
http://www.debian.org/security/2016/dsa-3471
http://www.debian.org/security/2016/dsa-3519
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/79592	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034479	Third Party Advisory VDB Entry
http://xenbits.xen.org/xsa/advisory-155.html	Vendor Advisory
https://security.gentoo.org/glsa/201604-03

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-04-14T14:00:00

Updated: 2017-11-03T18:57:01

Reserved: 2015-12-14T00:00:00

Link: CVE-2015-8550

JSON object: View

NVD Information

Status : Modified

Published: 2016-04-14T14:59:04.347

Modified: 2017-11-04T01:29:12.927

Link: CVE-2015-8550

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "DSA-3519", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3519"}, {"name": "79592", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/79592"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-155.html"}, {"name": "SUSE-SU-2016:1764", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"}, {"name": "SUSE-SU-2016:1102", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"}, {"name": "1034479", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034479"}, {"name": "GLSA-201604-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201604-03"}, {"name": "DSA-3471", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3471"}, {"name": "DSA-3434", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3434"}, {"name": "SUSE-SU-2016:0911", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8550", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "DSA-3519", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3519"}, {"name": "79592", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79592"}, {"name": "http://xenbits.xen.org/xsa/advisory-155.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-155.html"}, {"name": "SUSE-SU-2016:1764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"}, {"name": "SUSE-SU-2016:1102", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"}, {"name": "1034479", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034479"}, {"name": "GLSA-201604-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-03"}, {"name": "DSA-3471", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3471"}, {"name": "DSA-3434", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3434"}, {"name": "SUSE-SU-2016:0911", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8550", "datePublished": "2016-04-14T14:00:00", "dateReserved": "2015-12-14T00:00:00", "dateUpdated": "2017-11-03T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*", "matchCriteriaId": "5AB3CAA1-C20C-4A86-841E-EC0858164D7D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability."}, {"lang": "es", "value": "Xen, cuando se utiliza en un sistema que proporciona backends PV, permite a administradores locales del SO invitado causar una denegaci\u00f3n de servicio (ca\u00edda de SO anfitri\u00f3n) o la obtenci\u00f3n de privilegios escribiendo en la memoria compartida por el frontend y el backend, tambi\u00e9n conocida como una vulnerabilidad de doble recuperaci\u00f3n."}], "id": "CVE-2015-8550", "lastModified": "2017-11-04T01:29:12.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 5.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-14T14:59:04.347", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3434"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3471"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3519"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/79592"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034479"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-155.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201604-03"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}