Unrated severityNVD Advisory· Published Mar 18, 2015· Updated May 6, 2026
CVE-2015-2152
CVE-2015-2152
Description
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.
Affected products
8cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- osv-coords4 versionspkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 4.4.1_10-9.1+ 3 more
- (no CPE)range: < 4.4.1_10-9.1
- (no CPE)range: < 4.4.1_10-9.1
- (no CPE)range: < 4.4.1_10-9.1
- (no CPE)range: < 4.4.1_10-9.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- xenbits.xen.org/xsa/advisory-119.htmlnvdPatchVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.htmlnvdThird Party Advisory
- www.securitytracker.com/id/1031806nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1031919nvdThird Party AdvisoryVDB Entry
- lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.htmlnvd
- www.securityfocus.com/bid/73068nvd
- security.gentoo.org/glsa/201504-04nvd
News mentions
0No linked articles in our index yet.