Computer Security
[EN] securityvulns.ru no-pyccku


Xen multiple security vulnerabilities
Published:15.03.2015
Source:
SecurityVulns ID:14307
Type:local
Threat Level:
6/10
Description:Information leakage, DoS, privilege escalation.
Affected:XEN : Xen 3.2
 XEN : Xen 4.5
CVE:CVE-2015-2151 (The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.)
 CVE-2015-2045 (The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.)
 CVE-2015-2044 (The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3181-1] xen security update (15.03.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod