CVE-2015-3340

EPSS 0.63%

Published: 4/28/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-3340

Description

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

Affected packages (1)

Debian/xenfrom 0, < 4.6.0-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3340