1.5 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:S/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
25.5%
Insufficient or missing error handling in certain routines dealing with guest memory reads can lead to uninitialized data on the hypervisor stack (potentially containing sensitive data from prior work the hypervisor performed) being copied to guest visible storage.
This allows a malicious HVM guest to craft certain operations (namely, but not limited to, port or memory mapped I/O writes) involving physical or virtual addresses that have no actual memory associated with them, so that hypervisor stack contents are copied into the destination of the operation, thus becoming visible to the guest.
A malicious HVM guest might be able to read sensitive data relating to other guests.
Xen 3.2.x and later are vulnerable. Xen 3.1.x and earlier have not been inspected.
Only HVM guests can take advantage of this vulnerability.