CVSS2: 7.2 High
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.007 Low
Percentile: 79.8%

This security advisory (SA) describes the impact of Xen vulnerabilities discovered in website.
These vulnerabilities are referenced in this document as follows:
XSA-120: Non-maskable interrupts triggerable by guests. In the event that the platform surfaces aforementioned UR responses as Non-Maskable Interrupts, and either the OS is configured to treat NMIs as fatal or (e.g. via ACPI's APEI) the platform tells the OS to treat these errors as fatal, the host would crash, leading to a Denial of Service. (HWPSIRT-2015-03019)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-2150.
XSA-123: Hypervisor memory corruption due to x86 emulator flaw. A malicious guest might be able to read sensitive data relating to other guests, or to cause denial of service on the host. Arbitrary code execution, and therefore privilege escalation, cannot be excluded. (HWPSIRT-2015-03020)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-2151.
XSA-121: Information leak via internal x86 system device emulation. A malicious HVM guest might be able to read sensitive data relating to other guests. (HWPSIRT-2015-03021)
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-2044.
XSA-122: Information leak through version information hypercall. A malicious guest might be able to read sensitive data relating to other guests.
This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-2045.