Bug 1243489 (CVE-2015-3291)
Summary: | CVE-2015-3291 kernel: x86/nmi: malicious userspace programs can cause the kernel to skip NMIs | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | agordeev, aquini, bhu, dhoward, esammons, fhrbata, iboverma, jkacur, jross, kernel-mgr, kstutsma, lgoncalv, lwang, matt, mcressma, mguzik, nmurray, pholasek, plougher, pmatouse, rvrbovsk, security-response-team, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
It was found that if a Non-Maskable Interrupt (NMI) occurred immediately after a SYSCALL call or before a SYSRET call with the user RSP pointing to the NMI IST stack, the kernel could skip that NMI.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-23 06:55:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1245927 | ||
Bug Blocks: | 1243491 |
Description
Martin Prpič
2015-07-15 14:54:51 UTC
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as they did not backport the nested NMI handler functionality. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1245927] |