CVE-2015-2152

Name of the Vulnerable Software and Affected Versions Xen versions 4.5.x and earlier

Description The issue allows local guest users to obtain access to the VGA console. This can be achieved by setting the DISPLAY environment variable when compiled with SDL support, or by connecting to the VNC server on ::1 or 127.0.0.1 when not compiled with SDL support.

Recommendations For Xen versions 4.5.x and earlier, consider disabling the VGA console emulation for x86 HVM guests as a temporary workaround until a patch is available. Restrict access to the VNC server to minimize the risk of exploitation. Avoid using the DISPLAY environment variable in affected configurations until the issue is resolved.