Lucene search

PRIOn knowledge basePRION:CVE-2015-2152

HistoryMar 18, 2015 - 4:59 p.m.

Default credentials

2015-03-1816:59:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

24.4%

JSON

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

CPENameOperatorVersion
fedoraeq22
fedoraeq20
fedoraeq21
xenle4.5.0

Name	Operator	Version
fedora	eq	22
fedora	eq	20
fedora	eq	21
xen	le	4.5.0

References

lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html

www.securityfocus.com/bid/73068

www.securitytracker.com/id/1031806

www.securitytracker.com/id/1031919

xenbits.xen.org/xsa/advisory-119.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html

security.gentoo.org/glsa/201504-04

6.5 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

24.4%

JSON

Related for PRION:CVE-2015-2152