CVE-2015-8554 Information

Description

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier when using the qemu-xen-traditional (aka qemu-dm) device model allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries related to a \write path.\

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Reference

http://support.citrix.com/article/CTX203879 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/79579 http://www.securitytracker.com/id/1034481 http://xenbits.xen.org/xsa/advisory-164.html https://security.gentoo.org/glsa/201604-03

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.5