Vigil@nce - Linux kernel: four vulnerabilities of NMI
September 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities were announced in the Linux kernel's
processing of NMIs (non-maskable interrupts).
Impacted products: Debian, Fedora, Linux, openSUSE, Ubuntu.
Severity: 2/4.
Creation date: 23/07/2015.
Revision date: 05/08/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in the Linux kernel's
processing of NMIs (non-maskable interrupts).
An attacker can change the execution path of SYSCALL/SYSRET
instructions, in order to run code with kernel privileges.
[severity:2/4; CVE-2015-3291]
An attacker can corrupt memory after an IRET instruction fault, in
order to trigger a denial of service, and possibly to run code.
[severity:2/4; CVE-2015-5157]
An attacker can fill the logs, in order to trigger a denial of
service. [severity:2/4]
An attacker can corrupt memory by nesting NMIs on a 64-bit
processor, in order to trigger a denial of service, and possibly to
run code. [severity:2/4; CVE-2015-3290]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-four-vulnerabilities-of-NMI-17495