CVE-2015-3291

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d
http://www.debian.org/security/2015/dsa-3313
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6	Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/07/22/7
http://www.securityfocus.com/bid/76003
http://www.ubuntu.com/usn/USN-2687-1
http://www.ubuntu.com/usn/USN-2688-1
http://www.ubuntu.com/usn/USN-2689-1
http://www.ubuntu.com/usn/USN-2690-1
http://www.ubuntu.com/usn/USN-2691-1
https://bugzilla.redhat.com/show_bug.cgi?id=1243489
https://github.com/torvalds/linux/commit/810bc075f78ff2c221536eb3008eac6a492dba2d
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d
http://www.debian.org/security/2015/dsa-3313
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6	Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/07/22/7
http://www.securityfocus.com/bid/76003
http://www.ubuntu.com/usn/USN-2687-1
http://www.ubuntu.com/usn/USN-2688-1
http://www.ubuntu.com/usn/USN-2689-1
http://www.ubuntu.com/usn/USN-2690-1
http://www.ubuntu.com/usn/USN-2691-1
https://bugzilla.redhat.com/show_bug.cgi?id=1243489
https://github.com/torvalds/linux/commit/810bc075f78ff2c221536eb3008eac6a492dba2d

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:29

Type	Values Removed	Values Added
References	~~() http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d -~~	() http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d -
References	~~() http://www.debian.org/security/2015/dsa-3313 -~~	() http://www.debian.org/security/2015/dsa-3313 -
References	~~() http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6 - Vendor Advisory~~	() http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6 - Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2015/07/22/7 -~~	() http://www.openwall.com/lists/oss-security/2015/07/22/7 -
References	~~() http://www.securityfocus.com/bid/76003 -~~	() http://www.securityfocus.com/bid/76003 -
References	~~() http://www.ubuntu.com/usn/USN-2687-1 -~~	() http://www.ubuntu.com/usn/USN-2687-1 -
References	~~() http://www.ubuntu.com/usn/USN-2688-1 -~~	() http://www.ubuntu.com/usn/USN-2688-1 -
References	~~() http://www.ubuntu.com/usn/USN-2689-1 -~~	() http://www.ubuntu.com/usn/USN-2689-1 -
References	~~() http://www.ubuntu.com/usn/USN-2690-1 -~~	() http://www.ubuntu.com/usn/USN-2690-1 -
References	~~() http://www.ubuntu.com/usn/USN-2691-1 -~~	() http://www.ubuntu.com/usn/USN-2691-1 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=1243489 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=1243489 -
References	~~() https://github.com/torvalds/linux/commit/810bc075f78ff2c221536eb3008eac6a492dba2d -~~	() https://github.com/torvalds/linux/commit/810bc075f78ff2c221536eb3008eac6a492dba2d -

Information

Published : 2015-08-31 10:59

Updated : 2024-11-21 02:29

NVD link : CVE-2015-3291

Mitre link : CVE-2015-3291

CVE.ORG link : CVE-2015-3291

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-17

DEPRECATED: Code

2.1 /10