CVE-2015-2756

Priority
Low
Description
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access
to PCI command registers, which might allow local HVM guest users to cause
a denial of service (non-maskable interrupt and host crash) by disabling
the (1) memory or (2) I/O decoding for a PCI Express device and then
accessing the device, which triggers an Unsupported Request (UR) response.
References
Notes
 smb> This is a qemu change which is part of the xen package for the
 smb> "traditional" qemu. Trusty and newer only provide qemu traditional as
 smb> a backup but by default use the generic qemu from the archive and
 smb> Vivid completely drops qemu traditional. So the non-qemut patches in
 smb> that XSA need to go into qemu.
Assigned-to
mdeslaur
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (2.0.0+dfsg-2ubuntu1.11)
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=81b23ef82cd1be29ca3d69ab7e98b5b5e55926ce
Package
Source: xen (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (4.4.1-0ubuntu0.14.04.5)
Package
Upstream:ignored (reached end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2017-08-11 23:53:14 UTC (commit 13081)