{
  "threat_severity" : "Important",
  "public_date" : "2015-03-10T00:00:00Z",
  "bugzilla" : {
    "description" : "xen: hypervisor memory corruption due to x86 emulator flaw (xsa123)",
    "id" : "1196274",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1196274"
  },
  "cvss" : {
    "cvss_base_score" : "6.5",
    "cvss_scoring_vector" : "AV:A/AC:H/Au:S/C:C/I:C/A:C",
    "status" : "verified"
  },
  "details" : [ "The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.", "It was found that the Xen hypervisor x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in a memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host." ],
  "statement" : "This issue does affect the Xen hypervisor packages as shipped with Red Hat Enterprise Linux 5. Future Xen hypervisor packages updates might address this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2016-03-15T00:00:00Z",
    "advisory" : "RHSA-2016:0450",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-409.el5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-2151\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2151\nhttp://xenbits.xen.org/xsa/advisory-123.html" ],
  "name" : "CVE-2015-2151",
  "csaw" : false
}