CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
26.5%
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.
Vendor | Product | Version | CPE |
---|---|---|---|
xen | xen | * | cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* |
fedoraproject | fedora | 20 | cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* |
fedoraproject | fedora | 21 | cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* |
fedoraproject | fedora | 22 | cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html
lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html
lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html
lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
www.securityfocus.com/bid/73068
www.securitytracker.com/id/1031806
www.securitytracker.com/id/1031919
xenbits.xen.org/xsa/advisory-119.html
security.gentoo.org/glsa/201504-04