Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2015-2151
Last Modified 25 Mar 2015 10:01:14
Published 12 Mar 2015 10:59:03
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2015-2151

Summary

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

Vulnerable Systems

Operating System

  • Debian Linux 7.0

  • Xen 3.2.0

  • Xen 3.2.1

  • Xen 3.2.2

  • Xen 3.2.3

  • Xen 3.3.0

  • Xen 3.3.1

  • Xen 3.3.2

  • Xen 3.4.0

  • Xen 3.4.1

  • Xen 3.4.2

  • Xen 3.4.3

  • Xen 3.4.4

  • Xen 4.0.0

  • Xen 4.0.1

  • Xen 4.0.2

  • Xen 4.0.3

  • Xen 4.0.4

  • Xen 4.1.0

  • Xen 4.1.1

  • Xen 4.1.2

  • Xen 4.1.3

  • Xen 4.1.4

  • Xen 4.1.5

  • Xen 4.1.6.1

  • Xen 4.2.0

  • Xen 4.2.1

  • Xen 4.2.2

  • Xen 4.2.3

  • Xen 4.3.0

  • Xen 4.3.1

  • Xen 4.4.0

  • Xen 4.4.1

  • Xen 4.5.0


References

CONFIRM - http://xenbits.xen.org/xsa/advisory-123.html

SECTRACK - 1031903

DEBIAN - DSA-3181

SECTRACK - 1031806

FEDORA - FEDORA-2015-3944

FEDORA - FEDORA-2015-3721

FEDORA - FEDORA-2015-3935

Related Patches

Red Hat 2016:0450-01 RHSA Important: kernel security update for RHEL 5 x86

Red Hat 2016:0450-01 RHSA Important: kernel security update for RHEL 5 x86_64


Last Updated: 27 May 2016 11:08:08