CVE-2015-8553: Sensitive Information Exposure in Linux

Severity
6.5 MEDIUM (NVD)
OSV: 2.1
EPSS: 0.3% (top 49.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 13
Latest update: May 14

Description

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 2.0 | Impact: 4.0

Affected Packages (2 packages)

Debian linux/linux_kernel < 4.19.37-1+3
debian debian/linux < linux 4.19.37-1 (bookworm)

Also affects: Enterprise Linux 5

Vulnerability Details (2)

GHSA
GHSA-p4j9-qwcx-6mjj: Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decodin (2022-05-14)
OSV
CVE-2015-8553: Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decodin (2016-04-13)

Vendor Advisories (2)

Red Hat
xen: non-maskable interrupts triggerable by guests (xsa120) (2015-03-10)
Debian
CVE-2015-8553: linux - Xen allows guest OS users to obtain sensitive information from uninitialized loc... (2015)

Community (4)

Bugzilla
CVE-2015-8554 CVE-2015-8555 CVE-2015-8550 CVE-2015-8551 CVE-2015-8552 CVE-2015-2150 CVE-2015-8553 xen: various flaws [fedora-all] (2015-12-17)
Bugzilla
CVE-2015-8551 CVE-2015-8552 xsa157 xen: Linux pciback missing sanity checks leading to crash (XSA-157) (2015-12-07)
Bugzilla
CVE-2015-2150 CVE-2015-8553 kernel: xen: non-maskable interrupts triggerable by guests (xsa120) [fedora-all] (2015-03-10)
Bugzilla
CVE-2015-2150 CVE-2015-8553 xen: non-maskable interrupts triggerable by guests (xsa120) (2015-02-25)