CVE-2015-8104 — CRITICAL (10.0)

Q: How severe is CVE-2015-8104?

CVE-2015-8104 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2015-8104?

Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Oracle Solaris, Oracle Vm Virtualbox, Linux Linux Kernel, Debian Debian Linux.

Vulnerability Description

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Xen	Xen	4.3.0
Oracle	Solaris	11.3
Oracle	Vm Virtualbox	>= 4.0.0, <= 4.0.34
Linux	Linux Kernel	<= 4.2.3
Debian	Debian Linux	7.0
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-399

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb96Issue TrackingPatchVendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.hMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.hMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.hMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2636.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2645.htmlThird Party Advisory

FAQ

What is CVE-2015-8104?

CVE-2015-8104 is a vulnerability with a CVSS score of 10.0 (CRITICAL). The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptio...

How severe is CVE-2015-8104?

CVE-2015-8104 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2015-8104?

Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Oracle Solaris, Oracle Vm Virtualbox, Linux Linux Kernel, Debian Debian Linux.