Cloud FoundryCFOUNDRY:3DCD5683F03B57AFBD25479619516122CVE-2015-3290 Linux Kernel NMI Vulnerability | Cloud Foundry
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
51.0%
CVE-2015-3290 Linux Kernel NMI Vulnerability
High
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu – Kernel 3.19
Description
A flaw was found in Linux kernel’s handling of nested non-maskable interrupts (NMIs). This flaw could allow an unprivileged local user to escalate their privileges or potentially cause a denial of service through a system crash.
Affected Products and Versions
_Severity is high unless otherwise noted.
_
- The Cloud Foundry project BOSH stemcells version 3025 or earlier contain this vulnerability.
Mitigation
Users of affected versions should apply the following mitigation:
- The Cloud Foundry project has released BOSH stemcell 3026 which contains a patched version of the Linux kernel. It is recommended that Cloud Foundry Runtime deployments apply stemcell version 3026 or greater.
Credit
Andy Lutomirski
References
Related
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
51.0%