Unrated severityNVD Advisory· Published Mar 18, 2015· Updated Jun 17, 2026
CVE-2015-2152
CVE-2015-2152
Description
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- osv-coords4 versionspkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 4.4.1_10-9.1+ 3 more
- (no CPE)range: < 4.4.1_10-9.1
- (no CPE)range: < 4.4.1_10-9.1
- (no CPE)range: < 4.4.1_10-9.1
- (no CPE)range: < 4.4.1_10-9.1
Patches
Vulnerability mechanics
References
9- xenbits.xen.org/xsa/advisory-119.htmlnvdPatchVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.htmlnvdThird Party Advisory
- www.securitytracker.com/id/1031806nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1031919nvdThird Party AdvisoryVDB Entry
- lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.htmlnvd
- www.securityfocus.com/bid/73068nvd
- security.gentoo.org/glsa/201504-04nvd
News mentions
0No linked articles in our index yet.