Local Guest Domain Vulnerability in Xen Hypervisor by Citrix
CVE-2015-8555

8.6HIGH

Key Information:

Vendor

Citrix
Status
Xenserver
Vendor
CVE Published:
13 April 2016

What is CVE-2015-8555?

Xen Hypervisor versions 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier are vulnerable due to improper initialization of the x86 FPU stack and XMM registers. This vulnerability can allow local guest domains to gain unauthorized access to sensitive information from other domains, potentially exploiting unspecified vectors. Users of affected versions are encouraged to implement the necessary updates and patches to safeguard their environments.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3519
vendor-advisoryx_refsource_DEBIAN
http://www.securitytracker.com/id/1034477
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-8555 : Local Guest Domain Vulnerability in Xen Hypervisor by Citrix