CVE-2015-2151

Impact: Important
Public Date: 2015-03-10
IAVA: 2016-A-0293
Bugzilla: 1196274: CVE-2015-2151 xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)

It was found that the Xen hypervisor's x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host.

Find out more about CVE-2015-2151 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue does affect the Xen hypervisor packages as shipped with Red Hat Enterprise Linux 5. Future Xen hypervisor package updates might address this issue.

CVSS v2 metrics

Base Score: 6.5
Base Metrics: AV:A/AC:H/Au:S/C:C/I:C/A:C
Access Vector: Adjacent Network
Access Complexity: High
Authentication: Single
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 5 (kernel) | RHSA-2016:0450 | 2016-03-15

Affected Packages State

Platform | Package | State
Red Hat Enterprise Linux 5 | kernel-xen | Affected

External References
