CVE-2015-8553

Published: 13 Apr 2016
Source: debian
EPSS: Low

Description

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

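Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| linux | fixed | 4.19.37-1 | | package |
| linux | ignored | | jessie | package |
| linux | ignored | | wheezy | package |
| linux-2.6 | removed | | | package |
| linux-2.6 | no-dsa | | squeeze | package |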

Notes

  • CVE for the incomplete patches from XSA-120 and supplied in XSA-120 v5+ addendum patch.

  • Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1289128#c2

  • http://xenbits.xen.org/xsa/advisory-120.html

  • Patch is discussed in http://thread.gmane.org/gmane.comp.emulators.xen.devel/140440/focus=140441 and http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1924088

  • https://git.kernel.org/linus/7681f31ec9cdacab4fd10570be924f2cef6669ba

EPSS

Percentile: 50%
0.00273
Low

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 10 years ago

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

redhat
almost 11 years ago

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

CVSS3: 6.5
nvd
almost 10 years ago

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

CVSS3: 6.5
github
more than 3 years ago

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

CVSS3: 6.5
fstec
almost 10 years ago

Xen hypervisor vulnerability related to an error in the handling of numbers, allowing an attacker to gain unauthorized access to information
