DEBIAN-CVE-2015-2756

DEBIAN-CVE-2015-2756 PUBLISHED CVSS 8.699999809265137 HIGH

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:13	xen	0, 0, 0
Debian:11	qemu	0, 0, 0
Debian:11	xen	0, 0, 0
Debian:13	qemu	0, 0, 0
Debian:14	xen	0, 0, 0
Debian:12	xen	0, 0, 0
Debian:12	qemu	0, 0, 0
Debian:14	qemu	0, 0, 0

Timeline

Apr 1, 2015 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2015-2756 advisory

Open in Interactive Console →