
EGI CSIRT:Alerts/Xen-2015-04-15


** WHITE information - Unlimited distribution allowed                       **  

** see for distribution restrictions **


Title:       EGI Alert 'High' risk - Xen Vulnerability Hypervisor memory corruption due to x86 emulator flaw CVE-2015-2151  [EGI-ADV-20150415]

Date:        2015-04-15



Use of the Xen hypervisor in the EGI infrastructure is currently increasing.

Vulnerabilities for the Xen hypervisor are listed in [R 1].

We consider that one of these vulnerabilities, CVE-2015-2151 (123 on the list, announced on 10th March 2015), needs to be treated as 'High' risk.


See [R 1] and [R 2]

Risk category

This issue has been assessed as 'High' by the EGI SVG Risk Assessment Team.


If sites are using the Xen hypervisor, and have not updated in the last month, they should update as soon as possible.


[R 1] Xen vulnerability list

[R 2]


2015-03-05 SVG alerted to Xen vulnerabilities list
2015-03-10 SVG alerted to further Xen vulnerabilities, including the one referred
           to in this advisory
2015-03-11 Initial assessment made; few commented due to the small number of people
           in EGI SVG with expertise on Xen.
2015-04-14 Decision to send alert, as the most experienced person considered it to be
           'high' risk
2015-04-15 Alert sent to sites.