Vulnerability Name: CVE-2015-8844 (CCN-112155) Assigned: 2016-04-13 Published: 2016-04-13 Updated: 2018-01-05 Summary: The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 4.7 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
4.4 Medium (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:S/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-20 CWE-772 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2015-8844 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d2b9d2a5ad5ef04ff978c9923d19730cb05efd55 Important: kernel security, bug fix, and enhancement update RHSA-2016:2574 Important: kernel-rt security, bug fix, and enhancement update RHSA-2016:2584 CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler. Re: CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler. Vulnerabilities in the Linux Kernel affect PowerKVM Vulnerabilities in kernel affect Power Hardware Management Console Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel IBM Security Access Manager version 9.0.3.0 appliances are affected by multiple kernel vulnerabilities http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5 [oss-security] 20160413 CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler. 1035594 kernel: incorrect restoration of machine specific registers from userspace https://bugzilla.redhat.com/show_bug.cgi?id=1326540 linux-kernel-cve20158844-dos(112155) powerpc/tm: Block signal return setting invalid MSR state https://github.com/torvalds/linux/commit/d2b9d2a5ad5ef04ff978c9923d19730cb05efd55 CVE-2015-8844 Vulnerable Configuration: Configuration 1 :cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 4.3.4)Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:* Configuration RedHat 6 :cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:* AND cpe:/a:ibm:storwize_v7000_software:6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.2:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.4:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.2:*:*:*:*:*:*:* OR cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.4:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.5:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.6:*:*:*:*:*:*:* OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.7:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.8:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.8.1:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_network_security:5.4:*:*:*:*:*:*:* OR cpe:/o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:8.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:8.1.1:*:*:*:*:*:*:* Oval Definitions BACK
linux linux kernel *
linux linux kernel -
ibm storwize v7000 software 6.1
ibm storwize v7000 software 6.2
ibm storwize v7000 software 6.3
ibm storwize v7000 software 6.4
ibm storwize v7000 software 7.1
ibm storwize v7000 software 7.2
ibm powerkvm 2.1
ibm storwize v7000 software 7.3
ibm storwize v7000 software 7.4
ibm storwize v7000 software 7.5
ibm storwize v7000 software 7.6
ibm powerkvm 3.1
redhat enterprise linux desktop 7
redhat enterprise linux hpc node 7
redhat enterprise linux server 7
redhat enterprise linux workstation 7
redhat enterprise linux for real time 7
ibm storwize v7000 software 7.6.1
ibm storwize v7000 software 7.7
ibm storwize v7000 software 7.7.1
ibm storwize v7000 software 7.8
ibm storwize v7000 software 7.8.1
ibm qradar network security 5.4
ibm security access manager firmware 9.0.3
ibm storwize v7000 software 8.1
ibm storwize v7000 software 8.1.1
Denotes that component is vulnerable