CVE-2015-5157

DEB

Medium

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred d…

CVSS

6.2

Medium

EPSS

0.01

p45

Published

2015-01-01

Updated

2015-01-01

Description

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.

Tags · CWE

LPE

CWE-264

CWE-435

Affected products

KernelKernelKernel-rtKernel-rtLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinux-2.6

CVSS vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

Timeline

2015-01-01

Published

2015-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: H

High (H)

Authentication

Au: N

None (N)

Confidentiality Impact

C: C

Complete

Integrity Impact

I: C

Complete

Availability Impact

A: C

Complete

Exploit indicators

EPSS

0.006 · p45

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Linux

Linux Kernel

Red Hat

Kernel Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation Kernel-rt Enterprise Linux Server Eus Enterprise Linux Hpc Node

Product	Vendor	Status
kernel		Tracked
kernel		Tracked
kernel-rt		Tracked
kernel-rt		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux		Tracked
linux-2.6		Tracked

Showing first 20 of 193

Source databases

DEB

CVE

RED

UBU