SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Xen
Vendors:   Xen Project
Xen x86 Device Emulation Bug Lets Local Guest Users Obtain Information From Other Guest Systems
SecurityTracker Alert ID:  1031836
SecurityTracker URL:  http://securitytracker.com/id/1031836
CVE Reference:   CVE-2015-2044
Date:  Mar 5 2015
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.2.x and later; possibly earlier versions
Description:   A vulnerability was reported in Xen. A local user on a guest system can access potentially sensitive information from the hypervisor.

Some internal x86 system device emulation routines in the hypervisor do not properly set the data to be returned in response to a call from the guest, so the returned data may contain hypervisor stack contents.
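The bug class described above, as an added example that is not Xen's code or the vendor's patch: a simplified model of an emulated-read handler that reports success without writing its output, next to a hardened version that defines the output on every path. The function names, the register value, and the condition that skips the write (an unsupported access size) are assumptions of this example; the stale stack slot is modelled with an explicit constructed value so the program stays well defined.

```c
#include <stdint.h>

#define DEV_REG_VALUE 0x5aU   /* constructed value of the emulated register */

/* Vulnerable model (hypothetical handler): on a rejected access it reports
 * the read as handled but never writes *val, so the caller's slot keeps
 * whatever it held before. */
static int emul_read_vuln(unsigned int bytes, uint32_t *val)
{
    if (bytes != 1)
        return 1;             /* "handled", output left unset */
    *val = DEV_REG_VALUE;
    return 1;
}

/* Hardened model: the output is given a defined default (all ones) before
 * any early return, so no path can hand back stale data. */
static int emul_read_fixed(unsigned int bytes, uint32_t *val)
{
    *val = ~0U;
    if (bytes != 1)
        return 1;
    *val = DEV_REG_VALUE;
    return 1;
}

typedef int (*emul_read_fn)(unsigned int bytes, uint32_t *val);

/* Dispatcher model: 'scratch' stands in for a hypervisor stack slot holding
 * stale data from earlier, unrelated work. Returns what the guest receives. */
static uint32_t guest_read(emul_read_fn handler, unsigned int bytes,
                           uint32_t stale)
{
    uint32_t scratch = stale; /* stale contents made explicit (constructed) */
    uint32_t mask = bytes >= 4 ? ~0U : (1U << (bytes * 8)) - 1;

    handler(bytes, &scratch);
    return scratch & mask;    /* copied back to the guest */
}

int main(void)
{
    const uint32_t stale = 0xdeadbeefU;   /* constructed stale value */

    /* Exit status 0 when the vulnerable model leaks and the fixed one does not. */
    return !(guest_read(emul_read_vuln, 4, stale) == stale &&
             guest_read(emul_read_fixed, 4, stale) == 0xffffffffU);
}
```

When reviewing emulation handlers for this pattern, check every return path that signals success for a read and confirm the output is assigned before it.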

Only x86 systems are vulnerable. ARM systems are not affected.

Only HVM guests can exploit this flaw.

Jan Beulich of SUSE reported this vulnerability.

Impact:   A local user on a guest system can access potentially sensitive information from the hypervisor, including information from other guests.
Solution:   The vendor has issued a fix (xsa121.patch).

The vendor's advisory is available at:

http://xenbits.xen.org/xsa/advisory-121.html

Vendor URL:  xenbits.xen.org/xsa/advisory-121.html
Cause:   Access control error
Underlying OS:  Linux (Any)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC