Vulnerability Description
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 20 |
| Debian | Debian Linux | 7.0 |
| Xen | Xen | 3.2.0 |
Related Weaknesses (CWE)
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.htmlThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.htmlThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
- http://support.citrix.com/article/CTX200484
- http://www.debian.org/security/2015/dsa-3181Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.h
- http://www.securityfocus.com/bid/73015
- http://www.securitytracker.com/id/1031806Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1031903Third Party AdvisoryVDB Entry
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/
- http://xenbits.xen.org/xsa/advisory-123.htmlPatchVendor Advisory
- https://security.gentoo.org/glsa/201604-03
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
FAQ
What is CVE-2015-2151?
CVE-2015-2151 is a vulnerability with a CVSS score of 7.2 (HIGH). The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a ...
How severe is CVE-2015-2151?
CVE-2015-2151 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2151?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Debian Debian Linux, Xen Xen.