CVE-2015-8555

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Information Leak / Disclosure

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2013-4527, CVE-2013-4529, CVE-2013-4530, CVE-2013-4533, CVE-2013-4534, CVE-2013-4537, CVE-2013-4538, CVE-2013-4539, CVE-2014-0222, CVE-2014-3640, CVE-2014-3689, CVE-2014-7815, CVE-2014-9718, CVE-2015-1779, CVE-2015-2752, CVE-2015-2756, CVE-2015-4037, CVE-2015-5165, CVE-2015-5239, CVE-2015-5278, CVE-2015-5307, CVE-2015-6855, CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-7969, CVE-2015-7970, CVE-2015-7971, CVE-2015-7972, CVE-2015-8104, CVE-2015-8339, CVE-2015-8340, CVE-2015-8341, CVE-2015-8345, CVE-2015-8504, CVE-2015-8550, CVE-2015-8554, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8615, CVE-2015-8619, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2015-8817, CVE-2015-8818, CVE-2016-1568, CVE-2016-1570, CVE-2016-1571, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2198, CVE-2016-2270, CVE-2016-2271, CVE-2016-2391, CVE-2016-2392, CVE-2016-2538, CVE-2016-2841

Published on 13/04/16 - Updated on 01/07/17

Description

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability DatabaseCVE-2015-8555
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-551, CERTFR-2015-AVI-556
Debian DSA-3519-1
Debian LTSDLA-479-1
SUSE SUSE-SU-2016:0658, SUSE-SU-2016:0873, SUSE-SU-2016:0955, SUSE-SU-2016:1154, SUSE-SU-2016:1318, SUSE-SU-2016:1745

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
citrixxenserver
xenxen

Share this vulnerability with:

Twitter Facebook LinkedIn Mail