CVE-2015-2044

Description

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.

CVSS Metrics

• v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.08%• Percentile: 24%

Techniques & Countermeasures

• CWE-200•Exposure of Sensitive Information to an Unauthorized Actor

  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

• xen•xen

  3.2.0 | 3.2.1 | 3.2.2 | 3.2.3 | 3.3.0 | 3.3.1 | 3.3.2 | 3.4.0 | 3.4.1 | 3.4.2 | 3.4.3 | 3.4.4 | 4.0.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.1.0 | 4.1.1 | 4.1.2 | 4.1.3 | 4.1.4 | 4.1.5 | 4.1.6.1 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.3.0 | 4.3.1 | 4.4.0 | 4.4.0:rc1 | 4.4.1 | 4.5.0

References (12)

• http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
• https://security.gentoo.org/glsa/201504-04
• http://support.citrix.com/article/CTX200484
• http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html
• http://xenbits.xen.org/xsa/advisory-121.html
• http://www.securitytracker.com/id/1031836
• http://www.securityfocus.com/bid/72954
• http://www.debian.org/security/2015/dsa-3181
• http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html
• http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
• http://www.securitytracker.com/id/1031806