CVE-2015-2044

Xen 3.2.x-4.5.x - Information Exposure via Uninitialized Data in X86 Device Emulation

Title source: llm
STIX 2.1

Description

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.

References (12)

Core 12
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-04
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX200484
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html
Various Sources x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-121.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031836
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72954
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3181
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031806

Scores

EPSS 0.0008
EPSS Percentile 23.8%

Details

CWE
CWE-200
Status published
Products (33)
xen/xen 3.2.0
xen/xen 3.2.1
xen/xen 3.2.2
xen/xen 3.2.3
xen/xen 3.3.0
xen/xen 3.3.1
xen/xen 3.3.2
xen/xen 3.4.0
xen/xen 3.4.1
xen/xen 3.4.2
... and 23 more
Published Mar 12, 2015
Tracked Since Feb 18, 2026