Local Guest Domain Vulnerability in Xen Hypervisor by Citrix
CVE-2015-8555

8.6HIGH

Key Information:

Vendor
Citrix
Status
Vendor
CVE Published:
13 April 2016

Summary

Xen Hypervisor versions 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier are vulnerable due to improper initialization of the x86 FPU stack and XMM registers. This vulnerability can allow local guest domains to gain unauthorized access to sensitive information from other domains, potentially exploiting unspecified vectors. Users of affected versions are encouraged to implement the necessary updates and patches to safeguard their environments.

References

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.