Vulnerability Name: CVE-2015-3291 (CCN-106370)

Assigned: 2015-07-17
Published: 2015-07-17
Updated: 2016-12-22
Summary: arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-17
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2015-3291

Source: CONFIRM
Type: UNKNOWN
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d

Source: CCN
Type: Linux Kernel GIT Repository
x86/nmi/64: Switch stacks on userspace NMI entry

Source: DEBIAN
Type: UNKNOWN
DSA-3313

Source: CONFIRM
Type: Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6

Source: MLIST
Type: UNKNOWN
[oss-security] 20150722 Linux x86_64 NMI security issues

Source: BID
Type: UNKNOWN
76003

Source: CCN
Type: BID-76003
Linux Kernel 'x86/entry/entry_64.S' Local Security Bypass Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-2687-1

Source: UBUNTU
Type: UNKNOWN
USN-2688-1

Source: UBUNTU
Type: UNKNOWN
USN-2689-1

Source: UBUNTU
Type: UNKNOWN
USN-2690-1

Source: UBUNTU
Type: UNKNOWN
USN-2691-1

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1243489

Source: XF
Type: UNKNOWN
linux-kernel-cve20153291-dos(106370)

Source: CONFIRM
Type: UNKNOWN
https://github.com/torvalds/linux/commit/810bc075f78ff2c221536eb3008eac6a492dba2d

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-3291

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 4.1.5)

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:4.1.5:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.cisecurity:def:157 | P | DSA-3313-1 -- linux -- security update | 2016-02-08
oval:com.ubuntu.precise:def:20153291000 | V | CVE-2015-3291 on Ubuntu 12.04 LTS (precise) - low. | 2015-08-31
oval:com.ubuntu.xenial:def:201532910000000 | V | CVE-2015-3291 on Ubuntu 16.04 LTS (xenial) - low. | 2015-08-31
oval:com.ubuntu.trusty:def:20153291000 | V | CVE-2015-3291 on Ubuntu 14.04 LTS (trusty) - low. | 2015-08-31
oval:com.ubuntu.xenial:def:20153291000 | V | CVE-2015-3291 on Ubuntu 16.04 LTS (xenial) - low. | 2015-08-31
    linux linux kernel *
    linux linux kernel 4.1.5