CVE-2015-8550
Published: 17 December 2015
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
From the Ubuntu security team
Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host.
Priority
CVSS 3 base score: 8.2
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-2.16)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(3.13.0-74.118)
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by 454d5d882c7e412b840e3c99010fe81a9862f6fb Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by 0f589967a73f1f30ab4ac4dd9ce0bb399b4d6357 Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by 68a33bfd8403e4e22847165d149823a2e0e67c9c Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by 1f13d75ccb806260079e0679d55d9253e370ec8a Introduced by 402b27f9f2c22309d5bb285628765bc27b82fcf5 Fixed by 18779149101c0dd43ded43669ae2a92d21b6f9cb Introduced by d9d660f6e562a47b4065eeb7e538910b0471b988 Fixed by be69746ec12f35b484707da505c6c76ff06f97dc Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by 8135cf8b092723dbfcc611fe6fdcb3a36c9951c5 |
||
linux-armadaxp Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1001.10)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-1002.2)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1003.3)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-lts-raring Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [3.16.0-57.77~14.04.1])
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [3.19.0-42.48~14.04.1])
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [4.2.0-22.27~14.04.1])
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1003.4)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1012.12)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc6)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
qemu Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(1:2.5+dfsg-1ubuntu5)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(2.0.0+dfsg-2ubuntu1.22)
|
|
Patches: Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=f9e98e5d7a67367b862941e339a98b8322fa0cea Upstream: http://git.qemu.org/?p=qemu.git;a=commit;h=7ea11bf376aea4bf8340eb363de9777c7f93e556 |
||
qemu-kvm Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
xen Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.6.0-1ubuntu2)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [4.4.2-0ubuntu0.14.04.4])
|
|
Binaries built from this source package are in Universe and so are supported by the community. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550
- http://xenbits.xen.org/xsa/advisory-155.html
- https://usn.ubuntu.com/usn/usn-2846-1
- https://usn.ubuntu.com/usn/usn-2847-1
- https://usn.ubuntu.com/usn/usn-2848-1
- https://usn.ubuntu.com/usn/usn-2849-1
- https://usn.ubuntu.com/usn/usn-2850-1
- https://usn.ubuntu.com/usn/usn-2851-1
- https://usn.ubuntu.com/usn/usn-2853-1
- https://usn.ubuntu.com/usn/usn-2854-1
- https://usn.ubuntu.com/usn/usn-2886-2
- https://usn.ubuntu.com/usn/usn-2891-1
- NVD
- Launchpad
- Debian