Lucene search

K

[email protected]NVD:CVE-2015-2152

HistoryMar 18, 2015 - 4:59 p.m.

CVE-2015-2152

2015-03-1816:59:02

CWE-264

[email protected]

web.nvd.nist.gov

1

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.6%

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Affected configurations

NVD

Node

xenxenRange≤4.5.0

Node

fedoraprojectfedoraMatch20

OR

fedoraprojectfedoraMatch21

OR

fedoraprojectfedoraMatch22

References

lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

www.securityfocus.com/bid/73068

www.securitytracker.com/id/1031806

www.securitytracker.com/id/1031919

xenbits.xen.org/xsa/advisory-119.html

security.gentoo.org/glsa/201504-04

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.6%

Related for NVD:CVE-2015-2152

cve1 prion1 cvelist1 freebsd1 nessus12 ubuntucve1 debiancve1 xen1 openvas20 fedora14 kaspersky1 suse3 gentoo1 mageia1