CVE-2015-3291 - Vulnerability Details - OpenCVE

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d
http://www.debian.org/security/2015/dsa-3313
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6
http://www.openwall.com/lists/oss-security/2015/07/22/7
http://www.securityfocus.com/bid/76003
http://www.ubuntu.com/usn/USN-2687-1
http://www.ubuntu.com/usn/USN-2688-1
http://www.ubuntu.com/usn/USN-2689-1
http://www.ubuntu.com/usn/USN-2690-1
http://www.ubuntu.com/usn/USN-2691-1
https://bugzilla.redhat.com/show_bug.cgi?id=1243489
https://github.com/torvalds/linux/commit/810bc075f78ff2c221536eb3008eac6a492dba2d
https://nvd.nist.gov/vuln/detail/CVE-2015-3291
https://www.cve.org/CVERecord?id=CVE-2015-3291

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-08-31T10:00:00

Updated: 2024-08-06T05:39:32.149Z

Reserved: 2015-04-10T00:00:00

Link: CVE-2015-3291

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-08-31T10:59:09.737

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-3291

Redhat

Severity : Low

Publid Date: 2015-07-22T00:00:00Z

Links: CVE-2015-3291 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-22T00:00:00", "descriptions": [{"lang": "en", "value": "arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243489"}, {"name": "76003", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76003"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/810bc075f78ff2c221536eb3008eac6a492dba2d"}, {"name": "USN-2689-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2689-1"}, {"name": "USN-2690-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2690-1"}, {"name": "USN-2691-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2691-1"}, {"name": "USN-2688-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2688-1"}, {"name": "DSA-3313", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3313"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"}, {"name": "[oss-security] 20150722 Linux x86_64 NMI security issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/07/22/7"}, {"name": "USN-2687-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2687-1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:32.149Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243489"}, {"name": "76003", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76003"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/810bc075f78ff2c221536eb3008eac6a492dba2d"}, {"name": "USN-2689-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2689-1"}, {"name": "USN-2690-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2690-1"}, {"name": "USN-2691-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2691-1"}, {"name": "USN-2688-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2688-1"}, {"name": "DSA-3313", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3313"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"}, {"name": "[oss-security] 20150722 Linux x86_64 NMI security issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/07/22/7"}, {"name": "USN-2687-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2687-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3291", "datePublished": "2015-08-31T10:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.149Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "44877FD6-2CE0-4950-B1C4-8B0A4E0E0333", "versionEndIncluding": "4.1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI."}, {"lang": "es", "value": "Vulnerabilidad en arch/x86/entry/entry_64.S en el kernel de Linux en versiones anteriores a 4.1.6 en la plataforma x86_64, no determina correctamente cu\u00e1ndo est\u00e1 ocurriendo el procesamiento anidado de NMI, lo que permite a usuarios locales causar una denegaci\u00f3n de servicio (NMI saltada) modificando el registro rsp, causando una llamada de instrucci\u00f3n del sistema y desencadenando una NMI."}], "id": "CVE-2015-3291", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-31T10:59:09.737", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2015/dsa-3313"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2015/07/22/7"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/76003"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2687-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2688-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2689-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2690-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2691-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243489"}, {"source": "secalert@redhat.com", "url": "https://github.com/torvalds/linux/commit/810bc075f78ff2c221536eb3008eac6a492dba2d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3313"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/07/22/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2687-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2688-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2689-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2690-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2691-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243489"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/torvalds/linux/commit/810bc075f78ff2c221536eb3008eac6a492dba2d"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.", "bugzilla": {"description": "kernel: x86/nmi: malicious userspace programs can cause the kernel to skip NMIs", "id": "1243489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243489"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "cwe": "CWE-440", "details": ["arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.", "It was found that if a Non-Maskable Interrupt (NMI) occurred immediately after a SYSCALL call or before a SYSRET call with the user RSP pointing to the NMI IST stack, the kernel could skip that NMI."], "name": "CVE-2015-3291", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2015-07-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3291\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3291"], "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as they did not backport the nested NMI handler functionality.\nThis issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates.", "threat_severity": "Low"}