Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2152


Vulnerability Score 1.9 1.9
CVE Id CVE-2015-2152
Last Modified 25 Mar 2015 10:01:15
Published 18 Mar 2015 12:59:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE



Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3), when not compiled with SDL support.

Vulnerable Systems


  • Xen 4.5.0



SECTRACK - 1031919

SECTRACK - 1031806

FEDORA - FEDORA-2015-3944

FEDORA - FEDORA-2015-3721

FEDORA - FEDORA-2015-3935

Last Updated: 27 May 2016 11:08:12