CVE-2015-3290
published 2015-08-31CVE-2015-3290: arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows…
PriorityP336high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.10%
61.6th percentile
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 6.1.112-1 (bookworm) | linux 6.1.112-1 (bookworm) |
| debian | linux | < linux 4.0.8-2 (bookworm) | linux 4.0.8-2 (bookworm) |
| debian | linux-6.1 | < linux 6.1.112-1 (bookworm) | linux 6.1.112-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 3a632cb229bfb18b6d09822cc842451ea46c013e < 15210b7c8caff4929f25d049ef8404557f8ae468 | 15210b7c8caff4929f25d049ef8404557f8ae468 |
| linux | linux | >= 3a632cb229bfb18b6d09822cc842451ea46c013e < 0eaf812aa1506704f3b78be87036860e5d0fe81d | 0eaf812aa1506704f3b78be87036860e5d0fe81d |
| linux | linux | >= 3a632cb229bfb18b6d09822cc842451ea46c013e < 8717dc35c0e5896f4110f4b3882f7ff787a5f73d | 8717dc35c0e5896f4110f4b3882f7ff787a5f73d |
| linux | linux | >= 3a632cb229bfb18b6d09822cc842451ea46c013e < 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b | 25dfc9e357af8aed1ca79b318a73f2c59c1f0b2b |
| linux | linux_kernel | < 3.12.47 | 3.12.47 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 4.0.8-2 | 4.0.8-2 |
| linux | linux_kernel | >= 0 < 6.1.112-1 | 6.1.112-1 |
| linux | linux_kernel | >= 0 < 4.0.8-2 | 4.0.8-2 |
| linux | linux_kernel | >= 0 < 6.10.11-1 | 6.10.11-1 |
| linux | linux_kernel | >= 0 < 4.0.8-2 | 4.0.8-2 |
| linux | linux_kernel | >= 0 < 6.10.11-1 | 6.10.11-1 |
| linux | linux_kernel | >= 0 < 4.0.8-2 | 4.0.8-2 |
| linux | linux_kernel | >= 0 < 3.13.0-61.100 | 3.13.0-61.100 |
| linux | linux_kernel | >= 0 < 3.13.0-59.98 | 3.13.0-59.98 |
| linux | linux_kernel | >= 3.11 < 6.1.110 | 6.1.110 |
| linux | linux_kernel | >= 3.13 < 3.14.54 | 3.14.54 |
| linux | linux_kernel | >= 3.15 < 3.16.35 | 3.16.35 |
| linux | linux_kernel | >= 3.17 < 3.18.22 | 3.18.22 |
| linux | linux_kernel | >= 3.19 < 4.1.6 | 4.1.6 |
| linux | linux_kernel | >= 6.2 < 6.6.51 | 6.6.51 |
CVSS provenance
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2HIGH
vendor_redhat7.2HIGH
vendor_ubuntu7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kernel: perf/x86/intel: Limit the period on Haswell
vendor_redhat·2024-09-27·CVSS 5.5
CVE-2024-46848 [MEDIUM] CWE-754 kernel: perf/x86/intel: Limit the period on Haswell
kernel: perf/x86/intel: Limit the period on Haswell
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel: Limit the period on Haswell
Running the ltp test cve-2015-3290 concurrently reports the following
warnings.
perfevents: irq loop stuck!
WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174
intel_pmu_handle_irq+0x285/0x370
Call Trace:
? __warn+0xa4/0x220
? intel_pmu_handle_irq+0x285/0x370
? __report_bug+0x123/0x130
? intel_pmu_handle_irq+0x285/0x370
? __report_bug+0x123/0x130
? intel_pmu_handle_irq+0x285/0x370
? report_bug+0x3e/0xa0
? handle_bug+0x3c/0x70
? exc_invalid_op+0x18/0x50
? asm_exc_invalid_op+0x1a/0x20
? irq_work_claim+0x1e/0x40
? intel_pmu_handle_irq+0x285/0x370
perf_event_nmi_handler+0x3d/0x60
nmi_handle+0x104/0x330
Thanks to Thoma
Debian
CVE-2024-46848: linux - In the Linux kernel, the following vulnerability has been resolved: perf/x86/in...
vendor_debian·2024·CVSS 5.5
CVE-2024-46848 [MEDIUM] CVE-2024-46848: linux - In the Linux kernel, the following vulnerability has been resolved: perf/x86/in...
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner's analysis, the issue is caused by the low
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2015-07-31·CVSS 7.2
CVE-2015-3291 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested
NMIs (non-maskable interrupts). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or potentially
escalate their privileges. (CVE-2015-3290)
Andy Lutomirski discovered a flaw that allows user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs resulting in unspecified effects. (CVE-2015-3291)
Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable
interrupt) that interrupts userspace and encounters an IRET fault is
incorrectly handled by
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2015-07-28·CVSS 4.9
CVE-2015-1333 [MEDIUM] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested
NMIs (non-maskable interrupts). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or potentially
escalate their privileges. (CVE-2015-3290)
Colin King discovered a flaw in the add_key function of the Linux kernel's
keyring subsystem. A local user could exploit this flaw to cause a denial
of service (memory exhaustion). (CVE-2015-1333)
Andy Lutomirski discovered a flaw that allows user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs re
Ubuntu
Linux kernel (Vivid HWE) vulnerabilities
vendor_ubuntu·2015-07-28·CVSS 4.9
CVE-2015-1333 [MEDIUM] Linux kernel (Vivid HWE) vulnerabilities
Title: Linux kernel (Vivid HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested
NMIs (non-maskable interrupts). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or potentially
escalate their privileges. (CVE-2015-3290)
Colin King discovered a flaw in the add_key function of the Linux kernel's
keyring subsystem. A local user could exploit this flaw to cause a denial
of service (memory exhaustion). (CVE-2015-1333)
Andy Lutomirski discovered a flaw that allows user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs res
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2015-07-28·CVSS 4.9
CVE-2015-1333 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested
NMIs (non-maskable interrupts). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or potentially
escalate their privileges. (CVE-2015-3290)
Colin King discovered a flaw in the add_key function of the Linux kernel's
keyring subsystem. A local user could exploit this flaw to cause a denial
of service (memory exhaustion). (CVE-2015-1333)
Andy Lutomirski discovered a flaw that allows user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs resulting in un
Ubuntu
Linux kernel (Utopic HWE) vulnerabilities
vendor_ubuntu·2015-07-28·CVSS 4.9
CVE-2015-1333 [MEDIUM] Linux kernel (Utopic HWE) vulnerabilities
Title: Linux kernel (Utopic HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested
NMIs (non-maskable interrupts). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or potentially
escalate their privileges. (CVE-2015-3290)
Colin King discovered a flaw in the add_key function of the Linux kernel's
keyring subsystem. A local user could exploit this flaw to cause a denial
of service (memory exhaustion). (CVE-2015-1333)
Andy Lutomirski discovered a flaw that allows user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs re
Red Hat
kernel: x86: nested NMI handler and espfix64 interaction privilege escalation
vendor_redhat·2015-07-22·CVSS 7.2
CVE-2015-3290 [HIGH] CWE-435 kernel: x86: nested NMI handler and espfix64 interaction privilege escalation
kernel: x86: nested NMI handler and espfix64 interaction privilege escalation
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
A flaw was found in the way the Linux kernel's nested NMI handler and espfix64 functionalities interacted during NMI processing. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 since they did not backport the nested NMI handler and espfix64 functionalities.
This issue does not affect
Debian
CVE-2015-3290: linux - arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platfor...
vendor_debian·2015·CVSS 7.2
CVE-2015-3290 [HIGH] CVE-2015-3290: linux - arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platfor...
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
Scope: local
bookworm: resolved (fixed in 4.0.8-2)
bullseye: resolved (fixed in 4.0.8-2)
forky: resolved (fixed in 4.0.8-2)
sid: resolved (fixed in 4.0.8-2)
trixie: resolved (fixed in 4.0.8-2)
OSV
CVE-2024-46848: In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 con
osv·2024-09-27·CVSS 5.5
CVE-2024-46848 [MEDIUM] CVE-2024-46848: In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 con
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner's analysis, the issue is caused by the low
GHSA
GHSA-f8x4-897j-jj7g: In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel: Limit the period on Haswell
Running the ltp test cve-2015-3290 c
ghsa_unreviewed·2024-09-27
CVE-2024-46848 [MEDIUM] GHSA-f8x4-897j-jj7g: In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel: Limit the period on Haswell
Running the ltp test cve-2015-3290 c
In the Linux kernel, the following vulnerability has been resolved:
perf/x86/intel: Limit the period on Haswell
Running the ltp test cve-2015-3290 concurrently reports the following
warnings.
perfevents: irq loop stuck!
WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174
intel_pmu_handle_irq+0x285/0x370
Call Trace:
? __warn+0xa4/0x220
? intel_pmu_handle_irq+0x285/0x370
? __report_bug+0x123/0x130
? intel_pmu_handle_irq+0x285/0x370
? __report_bug+0x123/0x130
? intel_pmu_handle_irq+0x285/0x370
? report_bug+0x3e/0xa0
? handle_bug+0x3c/0x70
? exc_invalid_op+0x18/0x50
? asm_exc_invalid_op+0x1a/0x20
? irq_work_claim+0x1e/0x40
? intel_pmu_handle_irq+0x285/0x370
perf_event_nmi_handler+0x3d/0x60
nmi_handle+0x104/0x330
Thanks to Thomas Gleixner's analysis, the issue is caused by the
Kernel
perf/x86/intel: Limit the period on Haswell
kernel_security·2024-08-19
CVE-2015-3290 perf/x86/intel: Limit the period on Haswell
perf/x86/intel: Limit the period on Haswell
Running the ltp test cve-2015-3290 concurrently reports the following
warnings.
perfevents: irq loop stuck!
WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174
intel_pmu_handle_irq+0x285/0x370
Call Trace:
? __warn+0xa4/0x220
? intel_pmu_handle_irq+0x285/0x370
? __report_bug+0x123/0x130
? intel_pmu_handle_irq+0x285/0x370
? __report_bug+0x123/0x130
? intel_pmu_handle_irq+0x285/0x370
? report_bug+0x3e/0xa0
? handle_bug+0x3c/0x70
? exc_invalid_op+0x18/0x50
? asm_exc_invalid_op+0x1a/0x20
? irq_work_claim+0x1e/0x40
? intel_pmu_handle_irq+0x285/0x370
perf_event_nmi_handler+0x3d/0x60
nmi_handle+0x104/0x330
Thanks to Thomas Gleixner's analysis, the issue is caused by the low
initial period (1) of the frequency estimation algorithm, which
GHSA
GHSA-v8jv-m5jm-jgfg: arch/x86/entry/entry_64
ghsa_unreviewed·2022-05-17
CVE-2015-3290 [HIGH] GHSA-v8jv-m5jm-jgfg: arch/x86/entry/entry_64
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
OSV
CVE-2015-3290: arch/x86/entry/entry_64
osv·2015-08-31·CVSS 7.2
CVE-2015-3290 [HIGH] CVE-2015-3290: arch/x86/entry/entry_64
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
OSV
linux vulnerabilities
osv·2015-07-31·CVSS 7.2
CVE-2015-3290 [HIGH] linux vulnerabilities
linux vulnerabilities
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested
NMIs (non-maskable interrupts). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or potentially
escalate their privileges. (CVE-2015-3290)
Andy Lutomirski discovered a flaw that allows user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs resulting in unspecified effects. (CVE-2015-3291)
Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable
interrupt) that interrupts userspace and encounters an IRET fault is
incorrectly handled by the Linux kernel. An unprivileged local user could
exploit this flaw to c
OSV
linux-lts-utopic vulnerabilities
osv·2015-07-28·CVSS 4.9
CVE-2015-3290 [MEDIUM] linux-lts-utopic vulnerabilities
linux-lts-utopic vulnerabilities
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested
NMIs (non-maskable interrupts). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or potentially
escalate their privileges. (CVE-2015-3290)
Colin King discovered a flaw in the add_key function of the Linux kernel's
keyring subsystem. A local user could exploit this flaw to cause a denial
of service (memory exhaustion). (CVE-2015-1333)
Andy Lutomirski discovered a flaw that allows user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs resulting in unspecified effects. (CVE-2015-3291)
Andy Lutomirski and Petr Ma
OSV
linux-lts-vivid vulnerabilities
osv·2015-07-28·CVSS 4.9
CVE-2015-3290 [MEDIUM] linux-lts-vivid vulnerabilities
linux-lts-vivid vulnerabilities
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested
NMIs (non-maskable interrupts). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or potentially
escalate their privileges. (CVE-2015-3290)
Colin King discovered a flaw in the add_key function of the Linux kernel's
keyring subsystem. A local user could exploit this flaw to cause a denial
of service (memory exhaustion). (CVE-2015-1333)
Andy Lutomirski discovered a flaw that allows user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs resulting in unspecified effects. (CVE-2015-3291)
Andy Lutomirski and Petr Mat
OSV
linux vulnerabilities
osv·2015-07-28·CVSS 4.9
CVE-2015-3290 [MEDIUM] linux vulnerabilities
linux vulnerabilities
Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested
NMIs (non-maskable interrupts). An unprivileged local user could exploit
this flaw to cause a denial of service (system crash) or potentially
escalate their privileges. (CVE-2015-3290)
Colin King discovered a flaw in the add_key function of the Linux kernel's
keyring subsystem. A local user could exploit this flaw to cause a denial
of service (memory exhaustion). (CVE-2015-1333)
Andy Lutomirski discovered a flaw that allows user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs resulting in unspecified effects. (CVE-2015-3291)
Andy Lutomirski and Petr Matousek disc
No detection rules found.
Bugzilla
CVE-2015-3290 kernel: x86: nested NMI handler and espfix64 interaction privilege escalation [fedora-all]
bugzilla·2015-07-23·CVSS 7.2
CVE-2015-3290 [HIGH] CVE-2015-3290 kernel: x86: nested NMI handler and espfix64 interaction privilege escalation [fedora-all]
CVE-2015-3290 kernel: x86: nested NMI handler and espfix64 interaction privilege escalation [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mult
Bugzilla
CVE-2015-3290 kernel: x86: nested NMI handler and espfix64 interaction privilege escalation
bugzilla·2015-07-15·CVSS 7.2
CVE-2015-3290 [HIGH] CVE-2015-3290 kernel: x86: nested NMI handler and espfix64 interaction privilege escalation
CVE-2015-3290 kernel: x86: nested NMI handler and espfix64 interaction privilege escalation
A flaw was found in the way Linux kernel's nested NMI handler and espfix64 functionalities interacted during NMI processing.
A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a
Acknowledgements:
Red Hat would like to thank Andy Lutomirski for reporting this issue.
Discussion:
In order to exploit this issue non-root (non-privileged) user needs to make the Linux kernel's NMI handler perform an iret instruction, which re-enables NMIs and thus the nested NMI code path in the NMI handler is exercis
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0ahttp://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.htmlhttp://www.debian.org/security/2015/dsa-3313http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6http://www.openwall.com/lists/oss-security/2015/07/22/7http://www.openwall.com/lists/oss-security/2015/08/04/8http://www.securityfocus.com/bid/76004http://www.ubuntu.com/usn/USN-2687-1http://www.ubuntu.com/usn/USN-2688-1http://www.ubuntu.com/usn/USN-2689-1http://www.ubuntu.com/usn/USN-2690-1http://www.ubuntu.com/usn/USN-2691-1https://bugzilla.redhat.com/show_bug.cgi?id=1243465https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0ahttps://www.exploit-db.com/exploits/37722/http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0ahttp://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.htmlhttp://www.debian.org/security/2015/dsa-3313http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6http://www.openwall.com/lists/oss-security/2015/07/22/7http://www.openwall.com/lists/oss-security/2015/08/04/8http://www.securityfocus.com/bid/76004http://www.ubuntu.com/usn/USN-2687-1http://www.ubuntu.com/usn/USN-2688-1http://www.ubuntu.com/usn/USN-2689-1http://www.ubuntu.com/usn/USN-2690-1http://www.ubuntu.com/usn/USN-2691-1https://bugzilla.redhat.com/show_bug.cgi?id=1243465https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0ahttps://www.exploit-db.com/exploits/37722/
2015-08-31
Published