Bug 1243489 (CVE-2015-3291) - CVE-2015-3291 kernel: x86/nmi: malicious userspace programs can cause the kernel to skip NMIs
Summary: CVE-2015-3291 kernel: x86/nmi: malicious userspace programs can cause the ker...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2015-3291
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1245927
Blocks: 1243491
TreeView+ depends on / blocked
 
Reported: 2015-07-15 14:54 UTC by Martin Prpič
Modified: 2019-09-29 13:35 UTC (History)
23 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was found that if a Non-Maskable Interrupt (NMI) occurred immediately after a SYSCALL call or before a SYSRET call with the user RSP pointing to the NMI IST stack, the kernel could skip that NMI.
Clone Of:
Environment:
Last Closed: 2015-07-23 06:55:47 UTC


Attachments (Terms of Use)

Description Martin Prpič 2015-07-15 14:54:51 UTC
It was found that if an NMI occurred immediately after a SYSCALL or before a SYSRET with the user RSP pointing to the NMI IST stack, the kernel could skip that NMI.

Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d

Acknowledgements:

Red Hat would like to thank Andy Lutomirski for reporting this issue.

Comment 1 Petr Matousek 2015-07-23 06:55:47 UTC
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as they did not backport the nested NMI handler functionality.

This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates.

Comment 2 Petr Matousek 2015-07-23 06:57:34 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1245927]


Note You need to log in before you can comment on or make changes to this bug.