CVE-2015-0777
Xen - Information Exposure via Uninitialized Memory in usbback Driver
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors.
References (6)
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73921
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=917830
Scores
EPSS
0.0013
EPSS Percentile
31.9%
Details
CWE
CWE-200
Status
published
Products (5)
xen/xen
3.4.0
xen/xen
3.4.1
xen/xen
3.4.2
xen/xen
3.4.3
xen/xen
3.4.4
Published
Apr 05, 2015
Tracked Since
Feb 18, 2026