Your submission was sent successfully! Close

CVE-2015-3340

Published: 28 April 2015

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

Priority

Low

Status

Package Release Status
xen
Launchpad, Ubuntu, Debian
lucid Does not exist

precise
Released (4.1.6.1-0ubuntu0.12.04.6)
trusty Does not exist
(trusty was released [4.4.1-0ubuntu0.14.04.6])
upstream Needs triage

utopic
Released (4.4.1-0ubuntu0.14.10.6)
vivid
Released (4.5.0-1ubuntu4.1)
wily Not vulnerable
(4.5.1-0ubuntu1)
xenial Not vulnerable
(4.5.1-0ubuntu1)
xen-3.3
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(4.x only)
precise Does not exist

trusty Does not exist

upstream Ignored
(reached end-of-life)
utopic Does not exist

vivid Does not exist

wily Does not exist

xenial Does not exist

Notes

AuthorNote
mdeslaur
hypervisor packages are in universe. For
issues in the hypervisor, add appropriate
tags to each section, ex:
Tags_xen: universe-binary
sbeattie
xen 4.0 and later

References