CVE-2015-2151

high

Description

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

References

Advisories
More

http://www.securitytracker.com/id/1031903

http://www.securitytracker.com/id/1031806

http://www.debian.org/security/2015/dsa-3181

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html

https://security.gentoo.org/glsa/201604-03

http://xenbits.xen.org/xsa/advisory-123.html

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm

http://www.securityfocus.com/bid/73015

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://support.citrix.com/article/CTX200484

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

Details

Source: Mitre, NVD

Published: 2015-03-12

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00284