CVE-2015-2044

medium

Description

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.

References

https://security.gentoo.org/glsa/201504-04

http://xenbits.xen.org/xsa/advisory-121.html

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm

http://www.securitytracker.com/id/1031836

http://www.securitytracker.com/id/1031806

http://www.securityfocus.com/bid/72954

http://www.debian.org/security/2015/dsa-3181

http://support.citrix.com/article/CTX200484

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html

Details

Source: Mitre, NVD

Published: 2015-03-12

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

Detections

Analytics