CVE-2015-8104
Published: 16 November 2015
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
From the Ubuntu security team
Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-flo Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-gke Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-lts-raring Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-mako Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-manta Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
(x86 only)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
|
virtualbox Launchpad, Ubuntu, Debian |
upstream |
Released
(5.0.14-dfsg-1)
|
|
xen Launchpad, Ubuntu, Debian |
upstream |
Released
|
Notes
| Author | Note |
|---|---|
| sbeattie | for linux kernel, only affects AMD processors (svm) |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104
- http://xenbits.xen.org/xsa/advisory-156.html
- https://ubuntu.com/security/notices/USN-2841-2
- https://ubuntu.com/security/notices/USN-2841-1
- https://ubuntu.com/security/notices/USN-2843-1
- https://ubuntu.com/security/notices/USN-2842-1
- https://ubuntu.com/security/notices/USN-2842-2
- https://ubuntu.com/security/notices/USN-2844-1
- https://ubuntu.com/security/notices/USN-2840-1
- https://ubuntu.com/security/notices/USN-2843-2
- NVD
- Launchpad
- Debian