[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

251782

 
 

909

 
 

196543

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-3290Date: (C)2015-09-03   (M)2024-04-19


arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
EXPLOIT-DB-37722
BID-76004
DSA-3313
USN-2687-1
USN-2688-1
USN-2689-1
USN-2690-1
USN-2691-1
http://www.openwall.com/lists/oss-security/2015/07/22/7
http://www.openwall.com/lists/oss-security/2015/08/04/8
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6
https://bugzilla.redhat.com/show_bug.cgi?id=1243465
https://github.com/torvalds/linux/commit/9b6e6a8334d56354853f9c255d1395c2ba570e0a
openSUSE-SU-2015:1382

CWE    1
CWE-264
OVAL    17
oval:org.secpod.oval:def:109416
oval:org.secpod.oval:def:109451
oval:org.secpod.oval:def:109421
oval:org.secpod.oval:def:702684
...

© SecPod Technologies