CVE-2015-2151
Last modified
CVE-2015-2151 is a vulnerability of currently unknown severity. The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. EPSS estimates a 0.57% chance of exploitation in the next 30 days.
Description
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 20 |
| Fedoraproject | Fedora | 21 |
| Fedoraproject | Fedora | 22 |
| Debian | Debian Linux | 7.0 |
| Xen | Xen | 3.2.0 |
| Xen | Xen | 3.2.1 |
| Xen | Xen | 3.2.2 |
| Xen | Xen | 3.2.3 |
| Xen | Xen | 3.3.0 |
| Xen | Xen | 3.3.1 |
| Xen | Xen | 3.3.2 |
| Xen | Xen | 3.4.0 |
| Xen | Xen | 3.4.1 |
| Xen | Xen | 3.4.2 |
| Xen | Xen | 3.4.3 |
| Xen | Xen | 3.4.4 |
| Xen | Xen | 4.0.0 |
| Xen | Xen | 4.0.1 |
| Xen | Xen | 4.0.2 |
| Xen | Xen | 4.0.3 |
| Xen | Xen | 4.0.4 |
| Xen | Xen | 4.1.0 |
| Xen | Xen | 4.1.1 |
| Xen | Xen | 4.1.2 |
| Xen | Xen | 4.1.3 |
| Xen | Xen | 4.1.4 |
| Xen | Xen | 4.1.5 |
| Xen | Xen | 4.1.6.1 |
| Xen | Xen | 4.2.0 |
| Xen | Xen | 4.2.1 |
| Xen | Xen | 4.2.2 |
| Xen | Xen | 4.2.3 |
| Xen | Xen | 4.3.0 |
| Xen | Xen | 4.3.1 |
| Xen | Xen | 4.4.0 |
| Xen | Xen | 4.4.1 |
| Xen | Xen | 4.5.0 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html (Third Party Advisory)
- http://www.debian.org/security/2015/dsa-3181 (Third Party Advisory)
- http://www.securitytracker.com/id/1031806 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1031903 (Third Party Advisory, VDB Entry)
- http://xenbits.xen.org/xsa/advisory-123.html (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-2151?
How severe is CVE-2015-2151?
How do I fix CVE-2015-2151?
Are you affected by CVE-2015-2151?
Run a free Strix scan to check your systems for this vulnerability.
Source: NVD / NIST
