CVE-2015-8555

8.6HIGH

Key Information:

Vendor: Citrix
Status: Xenserver
Vendor: CVE Published:; 13 April 2016

Summary

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.debian.org/security/2016/dsa-3519

vendor-advisoryx_refsource_DEBIAN

http://www.securitytracker.com/id/1034477

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 13, 2016
Vulnerability Reserved
Dec 14, 2015

Collectors

NVD DatabaseMitre Database

.