CVE-2015-2756

Priority
Description
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access
to PCI command registers, which might allow local HVM guest users to cause
a denial of service (non-maskable interrupt and host crash) by disabling
the (1) memory or (2) I/O decoding for a PCI Express device and then
accessing the device, which triggers an Unsupported Request (UR) response.
Assigned-to
mdeslaur
Notes
smbThis is a qemu change which is part of the xen package for the
"traditional" qemu. Trusty and newer only provide qemu traditional as
a backup but by default use the generic qemu from the archive and
Vivid completely drops qemu traditional. So the non-qemut patches in
that XSA need to go into qemu.
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):released (2.0.0+dfsg-2ubuntu1.11)
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=81b23ef82cd1be29ca3d69ab7e98b5b5e55926ce
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Package
Source: xen (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [4.4.1-0ubuntu0.14.04.5])
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
Package
Upstream:ignored (reached end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
More Information

Updated: 2020-07-28 19:54:08 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)