CVE-2015-3340 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Opensuse	Opensuse
Suse	Linux Enterprise Desktop Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop Suse Linux Enterprise Server Suse Linux Enterprise Software Development Kit
Xen	Xen

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html
http://www.debian.org/security/2015/dsa-3414
http://www.securityfocus.com/bid/74248
http://www.securitytracker.com/id/1032158
http://xenbits.xen.org/xsa/advisory-132.html
https://nvd.nist.gov/vuln/detail/CVE-2015-3340
https://security.gentoo.org/glsa/201604-03
https://www.cve.org/CVERecord?id=CVE-2015-3340

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-20T00:00:00", "descriptions": [{"lang": "en", "value": "Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-132.html"}, {"name": "FEDORA-2015-6569", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html"}, {"name": "SUSE-SU-2015:0923", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"}, {"name": "74248", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74248"}, {"name": "1032158", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032158"}, {"name": "DSA-3414", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3414"}, {"name": "FEDORA-2015-6583", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html"}, {"name": "SUSE-SU-2015:0927", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"}, {"name": "GLSA-201604-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201604-03"}, {"name": "FEDORA-2015-6670", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html"}, {"name": "openSUSE-SU-2015:0983", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3340", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://xenbits.xen.org/xsa/advisory-132.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-132.html"}, {"name": "FEDORA-2015-6569", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html"}, {"name": "SUSE-SU-2015:0923", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"}, {"name": "74248", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74248"}, {"name": "1032158", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032158"}, {"name": "DSA-3414", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3414"}, {"name": "FEDORA-2015-6583", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html"}, {"name": "SUSE-SU-2015:0927", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"}, {"name": "GLSA-201604-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201604-03"}, {"name": "FEDORA-2015-6670", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html"}, {"name": "openSUSE-SU-2015:0983", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:47:57.338Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-132.html"}, {"name": "FEDORA-2015-6569", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html"}, {"name": "SUSE-SU-2015:0923", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"}, {"name": "74248", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74248"}, {"name": "1032158", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032158"}, {"name": "DSA-3414", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3414"}, {"name": "FEDORA-2015-6583", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html"}, {"name": "SUSE-SU-2015:0927", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"}, {"name": "GLSA-201604-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201604-03"}, {"name": "FEDORA-2015-6670", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html"}, {"name": "openSUSE-SU-2015:0983", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-3340", "datePublished": "2015-04-28T14:00:00", "dateReserved": "2015-04-20T00:00:00", "dateUpdated": "2024-08-06T05:47:57.338Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-04-20T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-06-30T16:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://xenbits.xen.org/xsa/advisory-132.html (string)

}

1 : { »

name : FEDORA-2015-6569 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html (string)

}

2 : { »

name : SUSE-SU-2015:0923 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html (string)

}

3 : { »

name : 74248 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/74248 (string)

}

4 : { »

name : 1032158 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1032158 (string)

}

5 : { »

name : DSA-3414 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3414 (string)

}

6 : { »

name : FEDORA-2015-6583 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html (string)

}

7 : { »

name : SUSE-SU-2015:0927 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html (string)

}

8 : { »

name : GLSA-201604-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201604-03 (string)

}

9 : { »

name : FEDORA-2015-6670 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html (string)

}

10 : { »

name : openSUSE-SU-2015:0983 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2015-3340 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://xenbits.xen.org/xsa/advisory-132.html (string)

refsource : CONFIRM (string)

url : http://xenbits.xen.org/xsa/advisory-132.html (string)

}

1 : { »

name : FEDORA-2015-6569 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html (string)

}

2 : { »

name : SUSE-SU-2015:0923 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html (string)

}

3 : { »

name : 74248 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/74248 (string)

}

4 : { »

name : 1032158 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1032158 (string)

}

5 : { »

name : DSA-3414 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3414 (string)

}

6 : { »

name : FEDORA-2015-6583 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html (string)

}

7 : { »

name : SUSE-SU-2015:0927 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html (string)

}

8 : { »

name : GLSA-201604-03 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201604-03 (string)

}

9 : { »

name : FEDORA-2015-6670 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html (string)

}

10 : { »

name : openSUSE-SU-2015:0983 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T05:47:57.338Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://xenbits.xen.org/xsa/advisory-132.html (string)

}

1 : { »

name : FEDORA-2015-6569 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html (string)

}

2 : { »

name : SUSE-SU-2015:0923 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html (string)

}

3 : { »

name : 74248 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/74248 (string)

}

4 : { »

name : 1032158 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1032158 (string)

}

5 : { »

name : DSA-3414 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3414 (string)

}

6 : { »

name : FEDORA-2015-6583 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html (string)

}

7 : { »

name : SUSE-SU-2015:0927 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html (string)

}

8 : { »

name : GLSA-201604-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201604-03 (string)

}

9 : { »

name : FEDORA-2015-6670 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html (string)

}

10 : { »

name : openSUSE-SU-2015:0983 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2015-3340 (string)

datePublished : 2015-04-28T14:00:00 (string)

dateReserved : 2015-04-20T00:00:00 (string)

dateUpdated : 2024-08-06T05:47:57.338Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "47640819-FC43-49ED-8A77-728C3D7255B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2448537F-87AD-45C1-9FB0-7A49CA31BD76", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E36B2265-70E1-413B-A7CF-79D39E9ADCFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "37148A72-BE20-45C5-8589-2309ED84D08C", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "FB736B4C-325A-4B27-8C8A-15E60B8A8C82", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF948E6A-07BE-4C7D-8A98-002E89D35F4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0E23B94-1726-4F63-84BB-8D83FAB156D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C76124AB-4E3D-4BE0-AAEA-7FC05868E2FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F30B5EF5-0AE8-420B-A103-B1B25A372F09", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "F784EF07-DBEC-492A-A0F4-F9F7B2551A0B", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1044792C-D544-457C-9391-4F3B5BAB978D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBD9AD01-50B7-4951-8A73-A6CF4801A487", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "89AA8FD5-E997-4F0D-AFB6-FFBE0073BA5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "90CCECD0-C0F9-45A8-8699-64428637EBCA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "C3407560-6D54-4B1B-9977-AD4F6EB5D6BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "777F6902-6EFA-482A-9A17-48DA5BDDB9CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "7F622F0E-8D17-47E8-8F3C-A640C21544E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:*", "matchCriteriaId": "DB2A1559-651C-46B0-B436-8E03DC8A60D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "matchCriteriaId": "9C649194-B8C2-49F7-A819-C635EE584ABF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request."}, {"lang": "es", "value": "Xen 4.2.x hasta 4.5.x no inicializa ciertos campos, lo que permite a ciertos dominios de servicio remotos obtener informaci\u00f3n sensible de la memoria a trav\u00e9s de una solicitud (1) XEN_DOMCTL_gettscinfo o (2) XEN_SYSCTL_getdomaininfolist."}], "id": "CVE-2015-3340", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-28T14:59:02.560", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3414"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74248"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032158"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-132.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201604-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3414"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032158"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-132.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201604-03"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 47640819-FC43-49ED-8A77-728C3D7255B3 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 2448537F-87AD-45C1-9FB0-7A49CA31BD76 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : E36B2265-70E1-413B-A7CF-79D39E9ADCFB (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 37148A72-BE20-45C5-8589-2309ED84D08C (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:*:* (string)

matchCriteriaId : FB736B4C-325A-4B27-8C8A-15E60B8A8C82 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : BF948E6A-07BE-4C7D-8A98-002E89D35F4D (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : C0E23B94-1726-4F63-84BB-8D83FAB156D7 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : C76124AB-4E3D-4BE0-AAEA-7FC05868E2FB (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : F30B5EF5-0AE8-420B-A103-B1B25A372F09 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:* (string)

matchCriteriaId : F784EF07-DBEC-492A-A0F4-F9F7B2551A0B (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1044792C-D544-457C-9391-4F3B5BAB978D (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : FBD9AD01-50B7-4951-8A73-A6CF4801A487 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 89AA8FD5-E997-4F0D-AFB6-FFBE0073BA5D (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 90CCECD0-C0F9-45A8-8699-64428637EBCA (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:* (string)

matchCriteriaId : C3407560-6D54-4B1B-9977-AD4F6EB5D6BB (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:* (string)

matchCriteriaId : 777F6902-6EFA-482A-9A17-48DA5BDDB9CD (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:suse:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:* (string)

matchCriteriaId : 7F622F0E-8D17-47E8-8F3C-A640C21544E9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* (string)

matchCriteriaId : FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* (string)

matchCriteriaId : 56BDB5A0-0839-4A20-A003-B8CD56F48171 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* (string)

matchCriteriaId : 253C303A-E577-4488-93E6-68A8DD942C38 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 16F59A04-14CF-49E2-9973-645477EA09DA (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A10BC294-9196-425F-9FB0-B1625465B47F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:* (string)

matchCriteriaId : F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:*:*:*:*:*:*:* (string)

matchCriteriaId : DB2A1559-651C-46B0-B436-8E03DC8A60D2 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:* (string)

matchCriteriaId : 9C649194-B8C2-49F7-A819-C635EE584ABF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. (string)

}

1 : { »

lang : es (string)

value : Xen 4.2.x hasta 4.5.x no inicializa ciertos campos, lo que permite a ciertos dominios de servicio remotos obtener información sensible de la memoria a través de una solicitud (1) XEN_DOMCTL_gettscinfo o (2) XEN_SYSCTL_getdomaininfolist. (string)

}

]

id : CVE-2015-3340 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : ADJACENT_NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.9 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:A/AC:M/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 5.5 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-04-28T14:59:02.560 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3414 (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/74248 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1032158 (string)

}

9 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://xenbits.xen.org/xsa/advisory-132.html (string)

}

10 : { »

source : cve@mitre.org (string)

url : https://security.gentoo.org/glsa/201604-03 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156005.html (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156979.html (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157006.html (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3414 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/74248 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1032158 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://xenbits.xen.org/xsa/advisory-132.html (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201604-03 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank Xen project for reporting this issue.", "bugzilla": {"description": "xen: information leak through XEN_DOMCTL_gettscinfo (xsa132)", "id": "1214035", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214035"}, "csaw": false, "cvss": {"cvss_base_score": "2.3", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:N/A:N", "status": "draft"}, "cwe": "CWE-200", "details": ["Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request."], "name": "CVE-2015-3340", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel-xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2015-04-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3340\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3340\nhttp://xenbits.xen.org/xsa/advisory-132.html"], "statement": "This issue did not affect the versions of xen as shipped with Red Hat Enterprise Linux 5.", "threat_severity": "Low"}

{

acknowledgement : Red Hat would like to thank Xen project for reporting this issue. (string)

bugzilla : { »

description : xen: information leak through XEN_DOMCTL_gettscinfo (xsa132) (string)

id : 1214035 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1214035 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 2.3 (string)

cvss_scoring_vector : AV:A/AC:M/Au:S/C:P/I:N/A:N (string)

status : draft (string)

}

cwe : CWE-200 (string)

details : [ »

0 : Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request. (string)

]

name : CVE-2015-3340 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : kernel-xen (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

]

public_date : 2015-04-20T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-3340 https://nvd.nist.gov/vuln/detail/CVE-2015-3340 http://xenbits.xen.org/xsa/advisory-132.html (string)

]

statement : This issue did not affect the versions of xen as shipped with Red Hat Enterprise Linux 5. (string)

threat_severity : Low (string)

}

Metrics

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object