CVE-2015-2151

Fedora - Access Control

Title source: rule
STIX 2.1

Description

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

References (14)

Core 14
Core References
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX200484
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html
Patch, Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-123.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031903
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3181
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201604-03
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73015
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031806

Scores

EPSS 0.0024
EPSS Percentile 46.4%

Details

CWE
CWE-264
Status published
Products (37)
debian/debian_linux 7.0
fedoraproject/fedora 20
fedoraproject/fedora 21
fedoraproject/fedora 22
xen/xen 3.2.0
xen/xen 3.2.1
xen/xen 3.2.2
xen/xen 3.2.3
xen/xen 3.3.0
xen/xen 3.3.1
... and 27 more
Published Mar 12, 2015
Tracked Since Feb 18, 2026