What is CVE-2015-8104?

CVE-2015-8104 is a critical-severity vulnerability in Linux Linux_kernel, classified under CWE-399. CVSS score: 10.0/10. Published 2015-11-16.

How severe is CVE-2015-8104?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Vulnerability in Linux Linux_kernel

CVE-2015-8104

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

EPSS: 0.003 (56.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Linux Linux_kernel
Oracle Solaris — versions 11.3
Oracle Vm_virtualbox
Xen — versions 4.3.0, 4.3.1, 4.3.2
Canonical Ubuntu_linux — versions 12.04, 14.04, 15.04
Debian Debian_linux — versions 7.0, 8.0, 9.0
N/a — versions n/a

Weakness classification (CWE)

CWE-399

References

RHSA-2015:2636 (vendor-advisory, Third Party Advisory)
cve@mitre.org (Third Party Advisory)
USN-2841-2 (vendor-advisory, Third Party Advisory)
FEDORA-2015-f150b2a8c8 (vendor-advisory, Mailing List, Third Party Advisory)
SUSE-SU-2015:2350 (vendor-advisory, Mailing List, Third Party Advisory)
cve@mitre.org (Third Party Advisory)
cve@mitre.org (Issue Tracking, Vendor Advisory)
DSA-3454 (vendor-advisory, Third Party Advisory)
cve@mitre.org (Patch, Third Party Advisory)
RHSA-2015:2645 (vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2015-8104?: CVE-2015-8104 is a critical-severity vulnerability in Linux Linux_kernel, classified under CWE-399. CVSS score: 10.0/10. Published 2015-11-16.
How severe is CVE-2015-8104?: Critical severity. CVSS v3 base score is 10.0 out of 10.