ISSUE DESCRIPTION ================= The code handling certain sub-operations of the HYPERVISOR_xen_version hypercall fails to fully initialize all fields of structures subsequently copied back to guest memory. Due to this hypervisor stack contents are copied into the destination of the operation, thus becoming visible to the guest. IMPACT ====== A malicious guest might be able to read sensitive data relating to other guests. VULNERABLE SYSTEMS ================== Xen 3.2.x and later are vulnerable. Xen 3.1.x and earlier have not been inspected.
Acknowledgements: Red Hat would like to thank the Xen project for reporting this issue.
Created attachment 994405 [details] XSA-122 upstream patch for CVE-2015-2045
Statement: This issue does affect the Xen hypervisor as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
External References: http://xenbits.xen.org/xsa/advisory-122.html