Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-8553
HistoryApr 13, 2016 - 12:00 a.m.

CVE-2015-8553

2016-04-1300:00:00
ubuntu.com
ubuntu.com
13

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

4.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

28.1%

Xen allows guest OS users to obtain sensitive information from
uninitialized locations in host OS kernel memory by not enabling memory and
I/O decoding control bits. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2015-0777.

Bugs

Notes

Author Note
mdeslaur see version 5 of XSA-120 advisory for updates patches
sbeattie deferring as it introduced problems with some QEMU setups first fix is af6fc858a35b90e89ea7a7ee58e66628c55c776b; the regression fix doesn’t seem to have made it upstream description is incorrect, the incomplete fix is to CVE-2015-2150

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

4.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

28.1%