CVE-2015-5157 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2015-5157?

CVE-2015-5157 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-5157?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Eus, Redhat Enterprise Linux Workstation.

Vulnerability Description

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Hpc Node	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Eus	6.7.z
Redhat	Enterprise Linux Workstation	6.0
Linux	Linux Kernel	< 3.12.47

Related Weaknesses (CWE)

CWE-264

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6aMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.htmlThird Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.htmlThird Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.htmlThird Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.htmlThird Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.htmlThird Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2016-0185.htmlThird Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2016-0212.htmlThird Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2016-0224.htmlThird Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2016-0715.htmlThird Party AdvisoryVDB Entry
http://www.debian.org/security/2015/dsa-3313Third Party AdvisoryVDB Entry
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/07/22/7Mailing List
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.hThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.hThird Party Advisory

FAQ

What is CVE-2015-5157?

CVE-2015-5157 is a vulnerability with a CVSS score of 7.2 (HIGH). arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to g...

How severe is CVE-2015-5157?

CVE-2015-5157 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-5157?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Eus, Redhat Enterprise Linux Workstation.