ALT Linux Team

Package kernel-image-un-def update in t7 on 2015-08-22

ALT-PU-2015-1720-1

Package kernel-image-un-def updated to version 4.1.6-alt1 for branch t7 in task 147974.

Closed vulnerabilities

Published: 2015-08-31
Modified: 2025-04-12

CVE-2015-3290

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2015-08-31
Modified: 2025-04-12

CVE-2015-3291

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2015-08-31
Modified: 2025-04-12

CVE-2015-5157

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2015-08-31
Modified: 2025-04-12

CVE-2015-5697

The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top