cbcvebase.
CVE-2015-3290
published 2015-08-31

CVE-2015-3290: arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows…

PriorityP336high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.10%
61.6th percentile
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
debianlinux< linux 6.1.112-1 (bookworm)linux 6.1.112-1 (bookworm)
debianlinux< linux 4.0.8-2 (bookworm)linux 4.0.8-2 (bookworm)
debianlinux-6.1< linux 6.1.112-1 (bookworm)linux 6.1.112-1 (bookworm)
linuxlinux
linuxlinux>= 3a632cb229bfb18b6d09822cc842451ea46c013e < 15210b7c8caff4929f25d049ef8404557f8ae46815210b7c8caff4929f25d049ef8404557f8ae468
linuxlinux>= 3a632cb229bfb18b6d09822cc842451ea46c013e < 0eaf812aa1506704f3b78be87036860e5d0fe81d0eaf812aa1506704f3b78be87036860e5d0fe81d
linuxlinux>= 3a632cb229bfb18b6d09822cc842451ea46c013e < 8717dc35c0e5896f4110f4b3882f7ff787a5f73d8717dc35c0e5896f4110f4b3882f7ff787a5f73d
linuxlinux>= 3a632cb229bfb18b6d09822cc842451ea46c013e < 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b
linuxlinux_kernel< 3.12.473.12.47
linuxlinux_kernel
linuxlinux_kernel>= 0 < 4.0.8-24.0.8-2
linuxlinux_kernel>= 0 < 6.1.112-16.1.112-1
linuxlinux_kernel>= 0 < 4.0.8-24.0.8-2
linuxlinux_kernel>= 0 < 6.10.11-16.10.11-1
linuxlinux_kernel>= 0 < 4.0.8-24.0.8-2
linuxlinux_kernel>= 0 < 6.10.11-16.10.11-1
linuxlinux_kernel>= 0 < 4.0.8-24.0.8-2
linuxlinux_kernel>= 0 < 3.13.0-61.1003.13.0-61.100
linuxlinux_kernel>= 0 < 3.13.0-59.983.13.0-59.98
linuxlinux_kernel>= 3.11 < 6.1.1106.1.110
linuxlinux_kernel>= 3.13 < 3.14.543.14.54
linuxlinux_kernel>= 3.15 < 3.16.353.16.35
linuxlinux_kernel>= 3.17 < 3.18.223.18.22
linuxlinux_kernel>= 3.19 < 4.1.64.1.6
linuxlinux_kernel>= 6.2 < 6.6.516.6.51

CVSS provenance

nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2HIGH
vendor_redhat7.2HIGH
vendor_ubuntu7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.