CVE-2015-2044
xen - security update
EPSS 0.08%
Description
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x do not properly initialize data, which allows local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.
How to fix CVE-2015-2044
To remediate CVE-2015-2044, upgrade the affected package to a fixed version below.
- Debian/xen—upgrade to 4.4.1-8 or later
- Debian/xen—upgrade to 4.1.4-3+deb7u5 or later
Is CVE-2015-2044 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.4.1-8
- from 0, < 4.1.4-3+deb7u5