CVE-2015-2151 — Out-of-bounds Write in XEN

CWE-2647 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 53.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux +1 more

Timeline

PublishedMar 12

Latest updateMay 14

Description

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.4.1-8 (bookworm)

▶Debianxen/xen< 4.4.1-8+3

▶NVDxen/xen33 versions+32

Also affects: Debian Linux 7.0, Fedora 20, 21, 22

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-mp6j-2xjg-wm8g: The x86 emulator in Xen 3↗2022-05-14

▶

OSV

CVE-2015-2151: The x86 emulator in Xen 3↗2015-03-12

▶

📋Vendor Advisories

Red Hat

xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)↗2015-03-10

▶

Debian

CVE-2015-2151: xen - The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment ove...↗2015

▶

💬Community

Bugzilla

CVE-2015-2151 xen: hypervisor memory corruption due to x86 emulator flaw (xsa123) [fedora-all]↗2015-03-10

▶

Bugzilla

CVE-2015-2151 xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)↗2015-02-25

▶