{
  "threat_severity" : "Moderate",
  "public_date" : "2015-03-10T00:00:00Z",
  "bugzilla" : {
    "description" : "xen: non-maskable interrupts triggerable by guests (xsa120)",
    "id" : "1196266",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1196266"
  },
  "cvss" : {
    "cvss_base_score" : "5.2",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:S/C:N/I:N/A:C",
    "status" : "draft"
  },
  "details" : [ "Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response." ],
  "statement" : "This issue does affect the Dom0 Xen kernel as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-2150\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2150\nhttp://xenbits.xen.org/xsa/advisory-120.html" ],
  "name" : "CVE-2015-2150",
  "csaw" : false
}