CVE-2015-3340
Published Apr 28, 2015
Last updated 6 years ago
Overview
- Description
- Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.9
- Impact score
- 2.9
- Exploitability score
- 5.5
- Vector string
- AV:A/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37148A72-BE20-45C5-8589-2309ED84D08C"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB736B4C-325A-4B27-8C8A-15E60B8A8C82"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C76124AB-4E3D-4BE0-AAEA-7FC05868E2FB"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F30B5EF5-0AE8-420B-A103-B1B25A372F09"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F784EF07-DBEC-492A-A0F4-F9F7B2551A0B"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBD9AD01-50B7-4951-8A73-A6CF4801A487"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89AA8FD5-E997-4F0D-AFB6-FFBE0073BA5D"
},
{
"criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3407560-6D54-4B1B-9977-AD4F6EB5D6BB"
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "777F6902-6EFA-482A-9A17-48DA5BDDB9CD"
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F622F0E-8D17-47E8-8F3C-A640C21544E9"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2"
},
{
"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF"
}
],
"operator": "OR"
}
]
}
]