CVE-2015-8555: Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register…

high8.6CVSS 3.0

AVNACLPRNUINSCCHINAN

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.

Affected

29 ranges· showing 25

Vendor	Product	Version range	Fixed in
citrix	citrix_adm	—	—
citrix	citrix_hypervisor	—	—
citrix	citrix_virtual_apps_and_desktops	—	—
citrix	endpoint_management	—	—
citrix	netscaler_adc	—	—
citrix	netscaler_gateway	—	—
citrix	xenserver	—	—
citrix	xenserver	—	—
debian	xen	< xen 4.8.0~rc3-1 (bookworm)	xen 4.8.0~rc3-1 (bookworm)
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—
xen	xen	—	—

CVSS provenance

nvdv3.08.6HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

osv8.6HIGH