Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2015-2045

Published: 12/03/2015 Updated: 30/10/2018
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Xen

Vulnerability Summary

The HYPERVISOR_xen_version hypercall in Xen 3.2.x up to and including 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

Vulnerable Product Search on Vulmon Subscribe to Product

xen xen 3.2.1

xen xen 3.2.2

xen xen 3.4.2

xen xen 3.4.3

xen xen 3.4.4

xen xen 4.1.1

xen xen 4.1.2

xen xen 4.2.2

xen xen 4.2.3

xen xen 3.2.3

xen xen 3.3.0

xen xen 4.0.0

xen xen 4.0.1

xen xen 4.1.3

xen xen 4.1.4

xen xen 4.3.0

xen xen 4.3.1

xen xen 3.3.1

xen xen 3.3.2

xen xen 4.0.2

xen xen 4.0.3

xen xen 4.1.5

xen xen 4.1.6.1

xen xen 4.4.0

xen xen 3.2.0

xen xen 3.4.0

xen xen 3.4.1

xen xen 4.0.4

xen xen 4.1.0

xen xen 4.2.0

xen xen 4.2.1

xen xen 4.4.1

xen xen 4.5.0

fedoraproject fedora 20

fedoraproject fedora 21

fedoraproject fedora 22

debian debian linux 7.0

Vendor Advisories

Debian CVElist Bug Report Logs: XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw
Debian Bug report logs - #780227 XSA-123 / CVE-2015-2151 Hypervisor memory corruption due to x86 emulator flaw Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Josip Rodin <joy@debbugsentuzijastnet> Date: Tue, 10 Mar 2015 19:36:02 UTC Severity: critic ...
Debian Security Advisories: DSA-3181-1 xen -- security update
Multiple security issues have been found in the Xen virtualisation solution: CVE-2015-2044 Information leak via x86 system device emulation CVE-2015-2045 Information leak in the HYPERVISOR_xen_version() hypercall CVE-2015-2151 Missing input sanitising in the x86 emulator could result in information disclosure, denial of service o ...
Red Hat: CVE-2015-2045
The HYPERVISOR_xen_version hypercall in Xen 32x through 45x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors ...

References

CWE-200http://www.securitytracker.com/id/1031837http://xenbits.xen.org/xsa/advisory-122.htmlhttp://www.debian.org/security/2015/dsa-3181http://www.securitytracker.com/id/1031806http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.htmlhttp://www.securityfocus.com/bid/72955http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htmhttp://support.citrix.com/article/CTX200484https://security.gentoo.org/glsa/201504-04http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780227https://www.debian.org/security/./dsa-3181https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-2045
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook