Vulnerability Name: CVE-2015-3290

Assigned: 2015-04-10
Published: 2015-08-31
Updated: 2017-09-16
Summary: arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  • Attack Vector (AV): Local
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Changed
Impact Metrics:
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  • Access Vector (AV): Local
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Complete
  • Integrity (I): Complete
  • Availability (A): Complete
Vulnerability Type: CWE-264

References:

Source: CONFIRM
Type: UNKNOWN
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a

Source: SUSE
Type: UNKNOWN
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html

Source: DEBIAN
Type: UNKNOWN
http://www.debian.org/security/2015/dsa-3313

Source: CONFIRM
Type: VENDOR_ADVISORY
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6

Source: MLIST
Type: UNKNOWN
http://www.openwall.com/lists/oss-security/2015/07/22/7

Source: MLIST
Type: UNKNOWN
http://www.openwall.com/lists/oss-security/2015/08/04/8

Source: BID
Type: UNKNOWN
76004

Source: UBUNTU
Type: UNKNOWN
http://www.ubuntu.com/usn/USN-2687-1

Source: UBUNTU
Type: UNKNOWN
http://www.ubuntu.com/usn/USN-2688-1

Source: UBUNTU
Type: UNKNOWN
http://www.ubuntu.com/usn/USN-2689-1

Source: UBUNTU
Type: UNKNOWN
http://www.ubuntu.com/usn/USN-2690-1

Source: UBUNTU
Type: UNKNOWN
http://www.ubuntu.com/usn/USN-2691-1

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1243465

Source: CONFIRM
Type: UNKNOWN
https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a

Source: EXPLOIT-DB
Type: UNKNOWN
37722

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:linux:linux_kernel:4.1.5:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20153290 | V | CVE-2015-3290 | 2017-03-20 |
| oval:org.cisecurity:def:157 | P | DSA-3313-1 -- linux -- security update | 2016-02-08 |
| oval:com.ubuntu.precise:def:20153290000 | V | CVE-2015-3290 on Ubuntu 12.04 LTS (precise) - high. | 2015-08-31 |
| oval:com.ubuntu.trusty:def:20153290000 | V | CVE-2015-3290 on Ubuntu 14.04 LTS (trusty) - high. | 2015-08-31 |
| oval:com.ubuntu.xenial:def:20153290000 | V | CVE-2015-3290 on Ubuntu 16.04 LTS (xenial) - high. | 2015-08-31 |