CVE-2015-2045

low
Description

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

http://support.citrix.com/article/CTX200484

http://www.debian.org/security/2015/dsa-3181

http://www.securityfocus.com/bid/72955

http://www.securitytracker.com/id/1031806

http://www.securitytracker.com/id/1031837

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm

http://xenbits.xen.org/xsa/advisory-122.html

https://security.gentoo.org/glsa/201504-04

Details

Source: MITRE

Published: 2015-03-12

Updated: 2018-10-30

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.1:-:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 140019 | OracleVM 3.4 : xen (OVMSA-2020-0039) (Bunker Buster) (Foreshadow) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
| 111992 | OracleVM 3.4 : xen (OVMSA-2018-0248) (Bunker Buster) (Foreshadow) (Meltdown) (POODLE) (Spectre) | Nessus | OracleVM Local Security Checks | critical |
| 84716 | FreeBSD : xen-kernel -- Information leak through version information hypercall (ef9d041e-27e2-11e5-a4a5-002590263bf5) | Nessus | FreeBSD Local Security Checks | low |
| 84333 | openSUSE Security Update : xen (openSUSE-2015-434) (Venom) | Nessus | SuSE Local Security Checks | high |
| 84140 | OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom) | Nessus | OracleVM Local Security Checks | low |
| 83720 | SUSE SLED11 / SLES11 Security Update : Xen (SUSE-SU-2015:0747-1) | Nessus | SuSE Local Security Checks | high |
| 83719 | SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0746-1) | Nessus | SuSE Local Security Checks | high |
| 83718 | SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0745-1) | Nessus | SuSE Local Security Checks | high |
| 83717 | SUSE SLES10 Security Update : Xen (SUSE-SU-2015:0744-1) | Nessus | SuSE Local Security Checks | high |
| 83707 | SUSE SLED12 / SLES12 Security Update : Xen (SUSE-SU-2015:0613-1) | Nessus | SuSE Local Security Checks | high |
| 82990 | SuSE 11.3 Security Update : Xen (SAT Patch Number 10560) | Nessus | SuSE Local Security Checks | high |
| 82907 | openSUSE Security Update : xen (openSUSE-2015-314) | Nessus | SuSE Local Security Checks | high |
| 82734 | GLSA-201504-04 : Xen: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 82054 | Fedora 21 : xen-4.4.1-16.fc21 (2015-3944) | Nessus | Fedora Local Security Checks | high |
| 82051 | Fedora 20 : xen-4.3.3-12.fc20 (2015-3721) | Nessus | Fedora Local Security Checks | high |
| 81987 | Fedora 22 : xen-4.5.0-6.fc22 (2015-3935) | Nessus | Fedora Local Security Checks | high |
| 81748 | Debian DSA-3181-1 : xen - security update | Nessus | Debian Local Security Checks | high |
| 81696 | OracleVM 3.2 : xen (OVMSA-2015-0028) | Nessus | OracleVM Local Security Checks | medium |
| 81695 | OracleVM 2.2 : xen (OVMSA-2015-0027) | Nessus | OracleVM Local Security Checks | low |
| 81694 | OracleVM 3.3 : xen (OVMSA-2015-0026) | Nessus | OracleVM Local Security Checks | low |