CVE-2015-5307 — Infinite Loop in Kernel

CWE-399 CWE-835 — Infinite Loop16 documents9 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 73.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel XEN Oracle VM Virtualbox +2 more

Timeline

PublishedNov 16

Latest updateMay 24

Description

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages5 packages

▶Debianlinux/linux_kernel< 4.2.6-1+3

▶NVDlinux/linux_kernel4.2.3

▶Debianxen/xen< 4.8.0~rc3-1+3

▶NVDoracle/vm_virtualbox4.0.0 — 4.0.34+4

▶NVDxen/xen22 versions+21

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.10

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

Kernel

KVM: VMX: Enable Notify VM exit↗2022-05-24

▶

GHSA

GHSA-hfhj-gfxm-5x7g: The KVM subsystem in the Linux kernel through 4↗2022-05-14

▶

CVEList

CVE-2015-5307: The KVM subsystem in the Linux kernel through 4↗2015-11-16

▶

OSV

CVE-2015-5307: The KVM subsystem in the Linux kernel through 4↗2015-11-16

▶

Kernel

KVM: x86: work around infinite loop in microcode when #AC is delivered↗2015-11-03

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerability↗2015-11-10

▶

Red Hat

virt: guest to host DoS by triggering an infinite loop in microcode via #AC exception↗2015-11-10

▶

Ubuntu

Linux kernel (Utopic HWE) vulnerability↗2015-11-10

▶

Ubuntu

Linux kernel (Vivid HWE) vulnerability↗2015-11-10

▶

Ubuntu

Linux kernel (Trusty HWE) vulnerability↗2015-11-10

▶

💬Community

Bugzilla

CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception [fedora-all]↗2015-11-10

▶

Bugzilla

CVE-2015-5307 xen: kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception [fedora-all]↗2015-11-10

▶

Bugzilla

CVE-2015-5307 virt: guest to host DoS by triggering an infinite loop in microcode via #AC exception↗2015-11-02

▶