CVE-2015-2045

Опубликовано: 12 мар. 2015

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

Ссылки

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
http://support.citrix.com/article/CTX200484
http://www.debian.org/security/2015/dsa-3181
Third Party Advisory
http://www.securityfocus.com/bid/72955
http://www.securitytracker.com/id/1031806
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1031837
Third Party Advisory
VDB Entry
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
http://xenbits.xen.org/xsa/advisory-122.html
Patch
Vendor Advisory
https://security.gentoo.org/glsa/201504-04
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
http://support.citrix.com/article/CTX200484
http://www.debian.org/security/2015/dsa-3181
Third Party Advisory
http://www.securityfocus.com/bid/72955
http://www.securitytracker.com/id/1031806
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.1:-:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00076

Низкий

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-2045

ubuntu

почти 11 лет назад

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

CVE-2015-2045

redhat

почти 11 лет назад

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

CVE-2015-2045

debian

почти 11 лет назад

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does n ...

GHSA-hp7f-c7cj-cfg9

github

больше 3 лет назад

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

SUSE-SU-2015:0747-1

suse-cvrf

почти 11 лет назад

Security update for Xen

EPSS

Процентиль: 23%

0.00076

Низкий

2.1 Low

CVSS2

Дефекты

CWE-200