CVE-2015-0777
Description
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 0 |
| debian | sid | fixed | 0 |
| debian | trixie | fixed | 0 |
| linux-kernel | 2.6.18 | not-affected | |
References
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
- http://www.securityfocus.com/bid/73921
- https://bugzilla.novell.com/show_bug.cgi?id=917830
- https://security-tracker.debian.org/tracker/CVE-2015-0777
CWEs
CWE-200
💬 Discuss CVE-2015-0777 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.