Veracode Vulnerability DatabaseVERACODE:37817Information Disclosure
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
3.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:P/A:N
0.0005 Low
EPSS
Percentile
17.4%
xen is vulnerable to information disclosure. The vulnerability exists because of unintended memory sharing between guests On Intel systems that support the virtualize APIC accesses feature which allows an attacker to read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode.
References
www.openwall.com/lists/oss-security/2022/11/01/3
xenbits.xen.org/xsa/advisory-412.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
lists.fedoraproject.org/archives/list/[email protected]/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
lists.fedoraproject.org/archives/list/[email protected]/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
secdb.alpinelinux.org/edge/main.yaml
xenbits.xenproject.org/xsa/advisory-412.txt
Related
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
3.2 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:P/A:N
0.0005 Low
EPSS
Percentile
17.4%