CVE-2015-5157

Опубликовано: 22 июл. 2015

Источник: redhat

CVSS2: 6.2

Описание

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.

A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system.

Отчет

This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future updates in the respective releases may address this flaw. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2016:0715	04.05.2016
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2016:0212	16.02.2016
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2016:0185	16.02.2016
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2016:0224	16.02.2016