SB2015031111 - Fedora 21 update for xen
Published: March 11, 2015 Updated: April 24, 2025
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-2151)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
2) Resource management error (CVE-ID: CVE-2015-1563)
The vulnerability allows a local non-authenticated attacker to disrupt service.
The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number of messages to be logged.
Remediation
Install the update from the vendor's website.