CVE-2015-2151

Sažetak

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
http://support.citrix.com/article/CTX200484
http://www.debian.org/security/2015/dsa-3181
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/73015
http://www.securitytracker.com/id/1031806
http://www.securitytracker.com/id/1031903
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
http://xenbits.xen.org/xsa/advisory-123.html
https://security.gentoo.org/glsa/201604-03

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-10-2018 - 16:26

Objavljeno

12-03-2015 - 14:59