DEBIAN-CVE-2015-2152

DEBIAN-CVE-2015-2152 PUBLISHED

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Affected Products

Vendor	Product	Versions
Debian:13	xen	0, 0, 0
Debian:14	xen	0, 0, 0
Debian:11	xen	0, 0, 0
Debian:12	xen	0, 0, 0

Timeline

Mar 18, 2015 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2015-2152 advisory

Open in Interactive Console →