CVE-2015-2151 Information

Description

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands which allows local guest users to obtain sensitive information cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

Reference

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://support.citrix.com/article/CTX200484 http://www.debian.org/security/2015/dsa-3181 http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/73015 http://www.securitytracker.com/id/1031806 http://www.securitytracker.com/id/1031903 http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm http://xenbits.xen.org/xsa/advisory-123.html https://security.gentoo.org/glsa/201604-03