Security Advisory

CVE-2015-3290 Linux Kernel NMI Vulnerability

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu – Kernel 3.19

Description

A flaw was found in the Linux kernel's handling of nested non-maskable interrupts (NMIs). This flaw could allow an unprivileged local user to escalate their privileges or potentially cause a denial of service through a system crash.

Affected Products and Versions

Severity is high unless otherwise noted.

  • The Cloud Foundry project BOSH stemcells version 3025 or earlier contain this vulnerability.

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project has released BOSH stemcell 3026, which contains a patched version of the Linux kernel. It is recommended that Cloud Foundry Runtime deployments apply stemcell version 3026 or greater.

Credit

Andy Lutomirski


Cloud Foundry Foundation Security Team, AUTHOR
