CVE-2015-2151

Description

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

http://support.citrix.com/article/CTX200484

http://www.debian.org/security/2015/dsa-3181

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.securityfocus.com/bid/73015

http://www.securitytracker.com/id/1031806

http://www.securitytracker.com/id/1031903

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm

http://xenbits.xen.org/xsa/advisory-123.html

https://security.gentoo.org/glsa/201604-03

Details

Risk Information

CVSS v2