The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.
kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html
lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html
lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html
lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html
support.citrix.com/article/CTX200484
www.debian.org/security/2015/dsa-3181
www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
www.securityfocus.com/bid/73015
www.securitytracker.com/id/1031806
www.securitytracker.com/id/1031903
www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-423503.htm
xenbits.xen.org/xsa/advisory-123.html
security.gentoo.org/glsa/201604-03