CVE-2015-2151 | Vulnerability Database | Aqua Security

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Fedora	Fedoraproject	20 (including)	20 (including)
Fedora	Fedoraproject	21 (including)	21 (including)
Fedora	Fedoraproject	22 (including)	22 (including)
Red Hat Enterprise Linux 5	RedHat	kernel-0:2.6.18-409.el5	*
Xen	Ubuntu	devel	*
Xen	Ubuntu	precise	*
Xen	Ubuntu	trusty	*
Xen	Ubuntu	upstream	*
Xen	Ubuntu	utopic	*
Xen	Ubuntu	vivid	*
Xen-3.3	Ubuntu	lucid	*
Xen-3.3	Ubuntu	upstream	*

References

http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10761
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
http://support.citrix.com/article/CTX200484
http://www.debian.org/security/2015/dsa-3181
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/73015
http://www.securitytracker.com/id/1031806
http://www.securitytracker.com/id/1031903
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
http://xenbits.xen.org/xsa/advisory-123.html
https://security.gentoo.org/glsa/201604-03

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-2151
CWE	https://cwe.mitre.org/data/definitions/264.html