CVE-2015-2044

low

Description

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x do not properly initialize data, which allows local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

http://support.citrix.com/article/CTX200484

http://www.debian.org/security/2015/dsa-3181

http://www.securityfocus.com/bid/72954

http://www.securitytracker.com/id/1031806

http://www.securitytracker.com/id/1031836

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm

http://xenbits.xen.org/xsa/advisory-121.html

https://security.gentoo.org/glsa/201504-04

Details

Source: MITRE

Published: 2015-03-12

Updated: 2018-10-30

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 140019 | OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
| 111992 | OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
| 84701 | FreeBSD : xen-kernel -- Information leak via internal x86 system device emulation (5023f559-27e2-11e5-a4a5-002590263bf5) | Nessus | FreeBSD Local Security Checks | low |
| 84333 | openSUSE Security Update : xen (openSUSE-2015-434) (Venom) | Nessus | SuSE Local Security Checks | high |
| 84140 | OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom) | Nessus | OracleVM Local Security Checks | low |
| 83720 | SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2015:0747-1) | Nessus | SuSE Local Security Checks | high |
| 83719 | SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0746-1) | Nessus | SuSE Local Security Checks | high |
| 83718 | SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0745-1) | Nessus | SuSE Local Security Checks | high |
| 83717 | SUSE SLES10 Security Update : Xen (SUSE-SU-2015:0744-1) | Nessus | SuSE Local Security Checks | high |
| 83707 | SUSE SLED12 / SLES12 Security Update : Xen (SUSE-SU-2015:0613-1) | Nessus | SuSE Local Security Checks | high |
| 82990 | SuSE 11.3 Security Update : Xen (SAT Patch Number 10560) | Nessus | SuSE Local Security Checks | high |
| 82907 | openSUSE Security Update : xen (openSUSE-2015-314) | Nessus | SuSE Local Security Checks | high |
| 82734 | GLSA-201504-04 : Xen: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 82054 | Fedora 21 : xen-4.4.1-16.fc21 (2015-3944) | Nessus | Fedora Local Security Checks | high |
| 82051 | Fedora 20 : xen-4.3.3-12.fc20 (2015-3721) | Nessus | Fedora Local Security Checks | high |
| 81987 | Fedora 22 : xen-4.5.0-6.fc22 (2015-3935) | Nessus | Fedora Local Security Checks | high |
| 81748 | Debian DSA-3181-1 : xen - security update | Nessus | Debian Local Security Checks | high |
| 81696 | OracleVM 3.2 : xen (OVMSA-2015-0028) | Nessus | OracleVM Local Security Checks | medium |
| 81695 | OracleVM 2.2 : xen (OVMSA-2015-0027) | Nessus | OracleVM Local Security Checks | low |
| 81694 | OracleVM 3.3 : xen (OVMSA-2015-0026) | Nessus | OracleVM Local Security Checks | low |