5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.0%
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.
xenbits.xen.org/xsa/advisory-120.html
seclists.org/bugtraq/2019/Aug/18
www.debian.org/security/2019/dsa-4497