CVE Vulnerabilities

CVE-2015-8551

NULL Pointer Dereference

Published: Apr 13, 2016 | Modified: Aug 26, 2020
CVSS 3.x
6
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CVSS 2.x
4.7 MEDIUM
AV:L/AC:M/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka Linux pciback missing sanity checks.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 4.3.0 4.3.6
Linux_kernel Linux 3.1 3.1.10

Potential Mitigations

References