CVE-2015-2150
First published: Wed Feb 25 2015(Updated: )
ISSUE DESCRIPTION ================= Guests are currently permitted to modify all of the (writable) bits in the PCI command register of devices passed through to them. This in particular allows them to disable memory and I/O decoding on the device unless the device is an SR-IOV virtual function, in which case subsequent accesses to the respective MMIO or I/O port ranges would - - on PCI Express devices - lead to Unsupported Request responses. The treatmeant of such errors is platform specific. IMPACT ====== In the event that the platform surfaces aforementioned UR responses as Non-Maskable Interrupts, and either the OS is configured to treat NMIs as fatal or (e.g. via ACPI's APEI) the platform tells the OS to treat these errors as fatal, the host would crash, leading to a Denial of Service. VULNERABLE SYSTEMS ================== Xen versions 3.3 and onwards are vulnerable due to supporting PCI pass-through. Upstream Linux versions 3.1 and onwards are vulnerable due to supporting PCI backend functionality. Other Linux versions as well as other OS versions may be vulnerable too. Any domain which is given access to a non-SR-IOV virtual function PCI Express device can take advantage of this vulnerability. MITIGATION ========== This issue can be avoided by not assigning PCI Express devices other than SR-IOV virtual functions to untrusted guests. RESOLUTION ========== Applying the attached patch resolves this issue for upstream Linux. xsa120.patch Linux 3.19 $ sha256sum xsa120*.patch 5167215293d4a8a05f090fca5b20eb5878213a0158a0e7a12c245553db81a855 xsa120.patch
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.16-1 | |
| Ubuntu | =12.04 | |
| Xen xen-unstable | =3.3.0 | |
| Xen xen-unstable | =3.3.1 | |
| Xen xen-unstable | =3.3.2 | |
| Xen xen-unstable | =3.4.0 | |
| Xen xen-unstable | =3.4.1 | |
| Xen xen-unstable | =3.4.2 | |
| Xen xen-unstable | =3.4.3 | |
| Xen xen-unstable | =3.4.4 | |
| Xen xen-unstable | =4.0.0 | |
| Xen xen-unstable | =4.0.1 | |
| Xen xen-unstable | =4.0.2 | |
| Xen xen-unstable | =4.0.3 | |
| Xen xen-unstable | =4.0.4 | |
| Xen xen-unstable | =4.1.0 | |
| Xen xen-unstable | =4.1.1 | |
| Xen xen-unstable | =4.1.2 | |
| Xen xen-unstable | =4.1.3 | |
| Xen xen-unstable | =4.1.4 | |
| Xen xen-unstable | =4.1.5 | |
| Xen xen-unstable | =4.1.6.1 | |
| Xen xen-unstable | =4.2.0 | |
| Xen xen-unstable | =4.2.1 | |
| Xen xen-unstable | =4.2.2 | |
| Xen xen-unstable | =4.2.3 | |
| Xen xen-unstable | =4.3.0 | |
| Xen xen-unstable | =4.3.1 | |
| Xen xen-unstable | =4.4.0 | |
| Xen xen-unstable | =4.4.0-rc1 | |
| Xen xen-unstable | =4.4.1 | |
| Xen xen-unstable | =4.5.0 | |
| Linux kernel | <=3.19.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=af6fc858a35b90e89ea7a7ee58e66628c55c776b
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/73014
- http://www.securitytracker.com/id/1031806
- http://www.securitytracker.com/id/1031902
- http://www.ubuntu.com/usn/USN-2631-1
- http://www.ubuntu.com/usn/USN-2632-1
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
- http://xenbits.xen.org/xsa/advisory-120.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1196266
- https://github.com/torvalds/linux/commit/af6fc858a35b90e89ea7a7ee58e66628c55c776b
- https://seclists.org/bugtraq/2019/Aug/18
- https://launchpad.net/bugs/cve/CVE-2015-2150
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=995253
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=995253&action=edit
- https://access.redhat.com/support/policy/updates/errata/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1200397
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1009512
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1009512&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1009513
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1009513&action=edit
- http://xenbits.xen.org/xsa/advisory-157.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1292439
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b
- https://security-tracker.debian.org/tracker/CVE-2015-2150
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2150
- https://nvd.nist.gov/vuln/detail/CVE-2015-2150
- https://ubuntu.com/security/CVE-2015-2150
Frequently Asked Questions
What is the severity of CVE-2015-2150?
The severity of CVE-2015-2150 is classified as moderate due to potential exploitation leading to unauthorized modification of device settings.
How do I fix CVE-2015-2150?
To fix CVE-2015-2150, upgrade to a patched version of the affected software as listed in the remediation details.
Which software versions are affected by CVE-2015-2150?
CVE-2015-2150 affects specific versions of Ubuntu 12.04 and various versions of Xen from 3.3.0 to 4.5.0.
What type of vulnerability is CVE-2015-2150?
CVE-2015-2150 is a privilege escalation vulnerability allowing guests to modify PCI command registers.
Can CVE-2015-2150 affect virtualized environments?
Yes, CVE-2015-2150 can affect virtualized environments, specifically those using Xen hypervisor.
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-2150
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- agent/event
- agent/author
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/debian
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/12.04
- vendor/xen
- canonical/xen xen-unstable
- version/xen xen-unstable/3.3.0
- version/xen xen-unstable/3.3.1
- version/xen xen-unstable/3.3.2
- version/xen xen-unstable/3.4.0
- version/xen xen-unstable/3.4.1
- version/xen xen-unstable/3.4.2
- version/xen xen-unstable/3.4.3
- version/xen xen-unstable/3.4.4
- version/xen xen-unstable/4.0.0
- version/xen xen-unstable/4.0.1
- version/xen xen-unstable/4.0.2
- version/xen xen-unstable/4.0.3
- version/xen xen-unstable/4.0.4
- version/xen xen-unstable/4.1.0
- version/xen xen-unstable/4.1.1
- version/xen xen-unstable/4.1.2
- version/xen xen-unstable/4.1.3
- version/xen xen-unstable/4.1.4
- version/xen xen-unstable/4.1.5
- version/xen xen-unstable/4.1.6.1
- version/xen xen-unstable/4.2.0
- version/xen xen-unstable/4.2.1
- version/xen xen-unstable/4.2.2
- version/xen xen-unstable/4.2.3
- version/xen xen-unstable/4.3.0
- version/xen xen-unstable/4.3.1
- version/xen xen-unstable/4.4.0
- version/xen xen-unstable/4.4.0-rc1
- version/xen xen-unstable/4.4.1
- version/xen xen-unstable/4.5.0
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.19.1