CVE-2015-2152

2015-03-1816:59:02

CWE-264

mitre

web.nvd.nist.gov

xen

cve-2015-2152

security

vulnerability

vga console

nvd

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

26.5%

JSON

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Affected configurations

Nvd

Node

xenxenRange≤4.5.0

Node

fedoraprojectfedoraMatch20

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

VendorProductVersionCPE
xenxen*cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
fedoraprojectfedora20cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
fedoraprojectfedora21cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
fedoraprojectfedora22cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xen	xen	*	cpe:2.3:o:xen:xen::::::::
fedoraproject	fedora	20	cpe:2.3:o:fedoraproject:fedora:20:::::::*
fedoraproject	fedora	21	cpe:2.3:o:fedoraproject:fedora:21:::::::*
fedoraproject	fedora	22	cpe:2.3:o:fedoraproject:fedora:22:::::::*