CVE-2015-2756 (retired)

Priority
Description
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access
to PCI command registers, which might allow local HVM guest users to cause
a denial of service (non-maskable interrupt and host crash) by disabling
the (1) memory or (2) I/O decoding for a PCI Express device and then
accessing the device, which triggers an Unsupported Request (UR) response.
Notes
 smb> This is a qemu change which is part of the xen package for the
 smb> "traditional" qemu. Trusty and newer only provide qemu traditional as
 smb> a backup but by default use the generic qemu from the archive and
 smb> Vivid completely drops qemu traditional. So the non-qemut patches in
 smb> that XSA need to go into qemu.
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Package
Source: xen (LP Ubuntu Debian)
Upstream:needs-triage
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
Package
Upstream:ignored (reached end-of-life)
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
More Information

Updated: 2019-09-19 15:53:18 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)