It was found that the Xen hypervisor x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in a memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host.
Find out more about CVE-2015-2151 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue does affect the Xen hypervisor packages as shipped with Red Hat Enterprise Linux 5. Future Xen hypervisor packages updates might address this issue.
| Base Score | 6.5 |
|---|---|
| Base Metrics | AV:A/AC:H/Au:S/C:C/I:C/A:C |
| Access Vector | Adjacent Network |
| Access Complexity | High |
| Authentication | Single |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 5 (kernel) | RHSA-2016:0450 | 2016-03-15 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 5 | kernel-xen | Affected |
Vulmon