Main Vulnerability Database SB2015051506

SB2015051506 - Information disclosure in xen (Alpine package)

Published: May 15, 2015

Security Bulletin ID SB2015051506

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2015-2044)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=850840a2934c957dceba8fddf438d070edce71a4
https://git.alpinelinux.org/aports/commit/?id=a824d445bbe2abb22ca2362898b7e72054639120