CVE-2015-8553

Published: Apr 13, 2016Modified: May 26, 2026

6.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

Affected (2)

Products: Xen: Xen · Redhat: Enterprise Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://xenbits.xen.org/xsa/advisory-120.html

Source: cve@mitre.org

PatchVendor Advisory

https://seclists.org/bugtraq/2019/Aug/18

Source: cve@mitre.org

https://www.debian.org/security/2019/dsa-4497

Source: cve@mitre.org

http://xenbits.xen.org/xsa/advisory-120.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://seclists.org/bugtraq/2019/Aug/18

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2019/dsa-4497

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.