CVE-2015-2756

Priority
Low
Description
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access
to PCI command registers, which might allow local HVM guest users to cause
a denial of service (non-maskable interrupt and host crash) by disabling
the (1) memory or (2) I/O decoding for a PCI Express device and then
accessing the device, which triggers an Unsupported Request (UR) response.
References
Notes
 smb> This is a qemu change which is part of the xen package for the
 smb> "traditional" qemu. Trusty and newer only provide qemu traditional as
 smb> a backup but by default use the generic qemu from the archive and
 smb> Vivid completely drops qemu traditional. So the non-qemut patches in
 smb> that XSA need to go into qemu.
Assigned-to
mdeslaur
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (2.0.0+dfsg-2ubuntu1.11)
Ubuntu Touch 15.04:released (1:2.2+dfsg-5expubuntu9)
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=81b23ef82cd1be29ca3d69ab7e98b5b5e55926ce
Package
Source: xen (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (4.1.6.1-0ubuntu0.12.04.6)
Ubuntu 14.04 LTS (Trusty Tahr):released (4.4.1-0ubuntu0.14.04.5)
Ubuntu Touch 15.04:not-affected
Package
Upstream:ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Touch 15.04:DNE
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Touch 15.04:DNE
More Information

Updated: 2016-03-23 03:41:59 UTC (commit 10817)