The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
2015-11-16T11:59:12.043
2025-04-23T16:15:20.013
Deferred
CVSSv3.1: 10.0 (CRITICAL)
AV:L/AC:M/Au:N/C:N/I:N/A:C
3.4
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | xen | xen | 4.3.0 | Yes |
| Operating System | xen | xen | 4.3.1 | Yes |
| Operating System | xen | xen | 4.3.2 | Yes |
| Operating System | xen | xen | 4.3.3 | Yes |
| Operating System | xen | xen | 4.3.4 | Yes |
| Operating System | xen | xen | 4.4.0 | Yes |
| Operating System | xen | xen | 4.4.1 | Yes |
| Operating System | xen | xen | 4.4.2 | Yes |
| Operating System | xen | xen | 4.4.3 | Yes |
| Operating System | xen | xen | 4.5.0 | Yes |
| Operating System | xen | xen | 4.5.1 | Yes |
| Operating System | xen | xen | 4.5.2 | Yes |
| Operating System | xen | xen | 4.6.0 | Yes |
| Operating System | xen | xen | 4.6.1 | Yes |
| Operating System | xen | xen | 4.6.2 | Yes |
| Operating System | xen | xen | 4.6.4 | Yes |
| Operating System | xen | xen | 4.6.5 | Yes |
| Operating System | oracle | solaris | 11.3 | Yes |
| Application | oracle | vm_virtualbox | ≤ 4.0.34 | Yes |
| Application | oracle | vm_virtualbox | ≤ 4.1.42 | Yes |
| Application | oracle | vm_virtualbox | ≤ 4.2.34 | Yes |
| Application | oracle | vm_virtualbox | ≤ 4.3.35 | Yes |
| Application | oracle | vm_virtualbox | ≤ 5.0.13 | Yes |
| Operating System | linux | linux_kernel | ≤ 4.2.3 | Yes |
| Operating System | debian | debian_linux | 7.0 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 15.04 | Yes |