[kernel-sec-discuss] r3872 - active

Ben Hutchings benh at moszumanska.debian.org
Wed Jul 22 21:42:30 UTC 2015


Author: benh
Date: 2015-07-22 21:42:30 +0000 (Wed, 22 Jul 2015)
New Revision: 3872

Added:
   active/CVE-2015-3290
   active/CVE-2015-3291
   active/CVE-2015-5157
Log:
Add x86_64 NMI issues

Added: active/CVE-2015-3290
===================================================================
--- active/CVE-2015-3290	                        (rev 0)
+++ active/CVE-2015-3290	2015-07-22 21:42:30 UTC (rev 3872)
@@ -0,0 +1,16 @@
+Description: Privilege escalation by triggering nested NMI on x86_64
+References: https://marc.info/?l=oss-security&m=143758877425647&w=2
+Notes:
+ Seems to have been introduced by espfix64 in 3.16, but only in combination
+ with commit 3f3c8b8c4b2a ("x86: Add workaround to NMI iret woes", 3.3)
+ and commit e00b12e64be9 ("perf/x86: Further optimize copy_from_user_nmi()",
+ 3.13).  espfix64 was backported to 3.2 but the others weren't.
+Bugs:
+upstream: pending (4.2-rc3) [9d05041679904b12c12421cbcf9cb5f4860a8d7b, 0e181bb58143cb4a2e8f01c281b0816cd0e4798e, 9b6e6a8334d56354853f9c255d1395c2ba570e0a]
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A ("Vulnerable code not present")
+2.6.32-upstream-stable: N/A ("Vulnerable code not present")
+sid: pending (4.0.8-2)
+3.16-jessie-security: pending (3.16.7-ckt11-1+deb8u2)
+3.2-wheezy-security: N/A ("Vulnerable code not present")
+2.6.32-squeeze-security: N/A ("Vulnerable code not present")
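
Review bot: In the Notes of active/CVE-2015-3290, espfix64 is named without a commit id, while the other two contributing changes are given as 3f3c8b8c4b2a and e00b12e64be9. The N/A status for the 3.2 branches rests on the statement that espfix64 was backported to 3.2 but the others were not, so adding the espfix64 commit hash would let anyone re-checking those branches verify all three conditions from this file alone.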

Added: active/CVE-2015-3291
===================================================================
--- active/CVE-2015-3291	                        (rev 0)
+++ active/CVE-2015-3291	2015-07-22 21:42:30 UTC (rev 3872)
@@ -0,0 +1,13 @@
+Description: Userland can sometimes prevent handling of an NMI on x86_64
+References: https://marc.info/?l=oss-security&m=143758877425647&w=2
+Notes:
+ Probably introduced by commit 3f3c8b8c4b2a in 3.3.
+Bugs:
+upstream: pending (4.2-rc3) [0b22930ebad563ae97ff3f8d7b9f12060b4c6e6b, a27507ca2d796cfa8d907de31ad730359c8a6d06, 810bc075f78ff2c221536eb3008eac6a492dba2d]
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A ("Vulnerable code not present)
+2.6.32-upstream-stable: N/A ("Vulnerable code not present)
+sid: pending (4.0.8-2)
+3.16-jessie-security: pending (3.16.7-ckt11-1+deb8u2)
+3.2-wheezy-security: N/A ("Vulnerable code not present)
+2.6.32-squeeze-security: N/A ("Vulnerable code not present)
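
Review bot: The four N/A lines in active/CVE-2015-3291 (3.2-upstream-stable, 2.6.32-upstream-stable, 3.2-wheezy-security, 2.6.32-squeeze-security) are missing the closing quote: ("Vulnerable code not present) should read ("Vulnerable code not present") as in the other two files added by this revision. The unbalanced quote may trip any tool that parses the quoted reason. The Notes could also state, as CVE-2015-3290 does, that commit 3f3c8b8c4b2a was not backported to 3.2, since that is what the N/A status depends on.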

Added: active/CVE-2015-5157
===================================================================
--- active/CVE-2015-5157	                        (rev 0)
+++ active/CVE-2015-5157	2015-07-22 21:42:30 UTC (rev 3872)
@@ -0,0 +1,14 @@
+Description: DoS or privilege escalation by triggering fault in NMI on x86_64
+References: https://marc.info/?l=oss-security&m=143758877425647&w=2
+Notes:
+ Seems to have been introduced by commit 3f3c8b8c4b2a ("x86: Add workaround
+ to NMI iret woes") in 3.3.
+Bugs:
+upstream: pending (4.2-rc3) [9d05041679904b12c12421cbcf9cb5f4860a8d7b, 0e181bb58143cb4a2e8f01c281b0816cd0e4798e, 9b6e6a8334d56354853f9c255d1395c2ba570e0a]
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A ("Vulnerable code not present")
+2.6.32-upstream-stable: N/A ("Vulnerable code not present")
+sid: pending (4.0.8-2)
+3.16-jessie-security: pending (3.16.7-ckt11-1+deb8u2)
+3.2-wheezy-security: N/A ("Vulnerable code not present")
+2.6.32-squeeze-security: N/A ("Vulnerable code not present")
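
Review bot: The upstream commit list in active/CVE-2015-5157 is identical to the one in active/CVE-2015-3290, although the two descriptions differ (fault in NMI here, nested NMI there) and the Notes here name only commit 3f3c8b8c4b2a as the origin. If the same three commits fix both issues, a one-line remark in Notes saying so would rule out a copy-paste slip; otherwise list only the commits that address this issue.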



