Vulnerability Details CVE-2015-0777
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.4%
CVSS Severity
CVSS v2 Score 2.1
References
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
- http://www.securityfocus.com/bid/73921
- https://bugzilla.novell.com/show_bug.cgi?id=917830
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
- http://www.securityfocus.com/bid/73921
- https://bugzilla.novell.com/show_bug.cgi?id=917830
Products affected by CVE-2015-0777
-
cpe:2.3:o:linux:linux_kernel:2.6.18
-
cpe:2.3:o:xen:xen:3.4.0
-
cpe:2.3:o:xen:xen:3.4.1
-
cpe:2.3:o:xen:xen:3.4.2
-
cpe:2.3:o:xen:xen:3.4.3
-
cpe:2.3:o:xen:xen:3.4.4