CVE-2015-5157 — Improper Interaction Between Multiple Correctly-Behaving Entities in Kernel

CWE-264 CWE-435 — Improper Interaction Between Multiple Correctly-Behaving Entities14 documents10 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 55.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Desktop Redhat Enterprise Linux HPC Node +3 more

Timeline

PublishedAug 31

Latest updateJun 11

Description

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages6 packages

▶NVDlinux/linux_kernel3.13 — 3.14.54+4

▶Debianlinux/linux_kernel< 4.0.8-2+3

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_hpc_node6.0

Also affects: Enterprise Linux 6.7.z

🔴Vulnerability Details

GHSA

GHSA-pxrv-r8wg-9vhw: arch/x86/entry/entry_64↗2022-05-17

▶

CVEList

CVE-2015-5157: arch/x86/entry/entry_64↗2015-08-31

▶

OSV

CVE-2015-5157: arch/x86/entry/entry_64↗2015-08-31

▶

Kernel

x86/ldt: Make modify_ldt synchronous↗2015-07-30

▶

📋Vendor Advisories

Microsoft

CVE-2015-5157: NIST NVD Details: https://nvd↗2024-06-11

▶

Ubuntu

Linux kernel vulnerabilities↗2015-07-31

▶

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2015-07-28

▶

Ubuntu

Linux kernel (Vivid HWE) vulnerabilities↗2015-07-28

▶

Ubuntu

Linux kernel vulnerabilities↗2015-07-28

▶

💬Community

Bugzilla

CVE-2015-5157 kernel: x86-64: IRET faults during NMIs processing↗2015-09-03

▶