CVE-2015-3290 Linux Kernel NMI Vulnerability


Severity

High

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu - Kernel 3.19

Description

A flaw was found in the Linux kernel’s handling of nested non-maskable interrupts (NMIs). This flaw could allow an unprivileged local user to escalate their privileges or potentially cause a denial of service through a system crash.

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • The Cloud Foundry project BOSH stemcells version 3025 or earlier contain this vulnerability.
  • Pivotal Elastic Runtime 1.5.1 references stemcells that contain this vulnerability.
  • OpsManager 1.5.1 includes stemcells with this vulnerability.

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project has released BOSH stemcell 3026, which contains a patched version of the Linux kernel. It is recommended that Cloud Foundry Runtime deployments apply stemcell version 3026 or greater.
  • Pivotal recommends that customers upgrade to the 1.5.2 versions of the Ops Manager and Elastic Runtime products, which are now available on Pivotal Network. These new versions reference patched stemcells that resolve the identified vulnerability.

Credit

Andy Lutomirski
