CVE-2015-2150

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Published: 2015-03-12 Last update: 2026-05-06 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2015-2150 is rated Low Risk (29.7/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.10%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2015-2150

The daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

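| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|------|----------------|----------------|-------------------|
| 1 | 2025-05-18 | 0.04% | 0.10% | +0.06% |
| 2 | 2025-04-16 | 0.06% | 0.04% | -0.02% |
| 3 | 2025-03-30 | | 0.06% | |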

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2015-2150

CVSS metrics for this CVE.

| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|------------|---------|----------|--------|----------------|--------|--------------|
| 4.9 | 2.0 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | [email protected] |

Vector breakdown:

- Access vector (AV:L): Requires local access to the target system.
- Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
- Authentication (Au:N): No authentication is required.
- Confidentiality impact (C:N): No confidentiality impact.
- Integrity impact (I:N): No integrity impact.
- Availability impact (A:C): Complete availability impact.

Weakness enumeration for CVE-2015-2150

OS Trackers for CVE-2015-2150

| Vendor | Priority | Summary | Link |
|--------|----------|---------|------|
| debian | not yet assigned | Debian, including 1 source package (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2015-2150 |
| redhat | medium | | https://access.redhat.com/security/cve/CVE-2015-2150 |
| ubuntu | medium | Ubuntu, including 102 source packages (linux, linux-armadaxp, …), 921 status rows across 16 suites (artful, bionic, focal, jammy, lucid, noble, plucky, precise, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): DNE 625, not-affected 140, released 109, ignored 47. | https://ubuntu.com/security/CVE-2015-2150 |

Affected software / configurations for CVE-2015-2150

Vendor Product Version Raw CPE
ubuntu ubuntu 12.04 cpe:2.3:o:ubuntu:ubuntu:12.04:*:lts:*:*:*:*:*
xen xen 3.3.0 cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*
xen xen 3.3.1 cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*
xen xen 3.3.2 cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*
xen xen 3.4.0 cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
xen xen 3.4.1 cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*
xen xen 3.4.2 cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*
xen xen 3.4.3 cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*
xen xen 3.4.4 cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*
xen xen 4.0.0 cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
xen xen 4.0.1 cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*
xen xen 4.0.2 cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*
xen xen 4.0.3 cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*
xen xen 4.0.4 cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*
xen xen 4.1.0 cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
xen xen 4.1.1 cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
xen xen 4.1.2 cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
xen xen 4.1.3 cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
xen xen 4.1.4 cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*
xen xen 4.1.5 cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*
xen xen 4.1.6.1 cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*
xen xen 4.2.0 cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
xen xen 4.2.1 cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
xen xen 4.2.2 cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
xen xen 4.2.3 cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
xen xen 4.3.0 cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
xen xen 4.3.1 cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
xen xen 4.4.0 cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*
xen xen 4.4.0 cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*
xen xen 4.4.1 cpe:2.3:o:xen:xen:4.4.1:-:*:*:*:*:*:*
xen xen 4.5.0 cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*
linux linux_kernel <= 3.19.1 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References for CVE-2015-2150

URL Tags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=af6fc858a35b90e89ea7a7ee58e66628c55c776b
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152747.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
http://www.debian.org/security/2015/dsa-3237
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/73014
http://www.securitytracker.com/id/1031806
http://www.securitytracker.com/id/1031902
http://www.ubuntu.com/usn/USN-2631-1
http://www.ubuntu.com/usn/USN-2632-1
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
http://xenbits.xen.org/xsa/advisory-120.html Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1196266
https://github.com/torvalds/linux/commit/af6fc858a35b90e89ea7a7ee58e66628c55c776b
https://seclists.org/bugtraq/2019/Aug/18