Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.9
CVSSv2

CVE-2015-5307

Published: 16/11/2015 Updated: 12/02/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 437
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Linux

Vulnerability Summary

The KVM subsystem in the Linux kernel up to and including 4.2.6, and Xen 4.3.x up to and including 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

xen xen 4.3.2

xen xen 4.6.0

xen xen 4.5.5

xen xen 4.6.6

xen xen 4.3.3

xen xen 4.6.4

xen xen 4.3.0

xen xen 4.6.3

xen xen 4.5.2

xen xen 4.4.2

xen xen 4.4.4

xen xen 4.4.3

xen xen 4.6.1

xen xen 4.5.3

xen xen 4.6.2

xen xen 4.3.4

xen xen 4.5.1

xen xen 4.4.1

xen xen 4.3.1

xen xen 4.5.0

xen xen 4.4.0

xen xen 4.6.5

oracle vm virtualbox

debian debian linux 8.0

debian debian linux 7.0

canonical ubuntu linux 12.04

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

Vendor Advisories

Debian CVElist Bug Report Logs: Multiple security issues
Debian Bug report logs - #823620 Multiple security issues Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 6 May 2016 18:03:02 UTC Severity: grave Tags: security Fixed in versions xen/480~rc3-1, xen/48 ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix two security issues, several bugs, and addone enhancement are now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having Importa ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix two security issues and two bugs are nowavailable for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having Importa ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix two security issues are now available forRed Hat Enterprise Linux 64 Advanced Update SupportRed Hat Product Security has rated this update as having Important securityimpact Common ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix three security issues, several bugs, andone enhancement are now available for Red Hat Enterprise Linux 71 ExtendedUpdate SupportRed Hat Product Security ha ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues and several bugsare now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having Important securityimpact ...
Debian Security Advisories: DSA-3414-1 xen -- security update
Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure For the oldstable distribution (wheezy), an update will be provided later For the stable distribution (jessie), these problems have been fixed in version 441-9+deb8u3 For the unstable distribution (sid), ...
Debian Security Advisories: DSA-3454-1 virtualbox -- security update
Multiple vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution Upstream support for the 41 release series has ended and since no information is available which would allow backports of isolated security fixes, security support for virtualbox in wheezy/oldstable needed to be ended as well If you use virtualbox with ex ...
Ubuntu Security Notice: linux vulnerability
The system could be made to crash under certain conditions ...
Ubuntu Security Notice: linux-lts-vivid vulnerability
The system could be made to crash under certain conditions ...
Ubuntu Security Notice: linux-lts-utopic vulnerability
The system could be made to crash under certain conditions ...
Ubuntu Security Notice: linux-lts-trusty vulnerability
The system could be made to crash under certain conditions ...
Ubuntu Security Notice: linux-lts-wily vulnerability
The system could be made to crash under certain conditions ...
Ubuntu Security Notice: linux vulnerability
The system could be made to crash under certain conditions ...
Ubuntu Security Notice: linux vulnerability
The system could be made to crash under certain conditions ...
Ubuntu Security Notice: linux vulnerability
The system could be made to crash under certain conditions ...
Red Hat: CVE-2015-5307
It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled A privileged user inside a guest could use this flaw to ...

References

CWE-399http://www.openwall.com/lists/oss-security/2015/11/10/6http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faedhttps://bugzilla.redhat.com/show_bug.cgi?id=1277172https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faedhttp://xenbits.xen.org/xsa/advisory-156.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.htmlhttp://www.securityfocus.com/bid/77528http://rhn.redhat.com/errata/RHSA-2016-0046.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.htmlhttp://www.ubuntu.com/usn/USN-2805-1http://www.debian.org/security/2015/dsa-3396http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.htmlhttp://www.ubuntu.com/usn/USN-2802-1http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.htmlhttp://www.securitytracker.com/id/1034105http://www.debian.org/security/2016/dsa-3454http://rhn.redhat.com/errata/RHSA-2015-2636.htmlhttp://support.citrix.com/article/CTX202583http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.htmlhttp://www.debian.org/security/2015/dsa-3414http://www.ubuntu.com/usn/USN-2801-1http://www.ubuntu.com/usn/USN-2804-1http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.htmlhttp://www.ubuntu.com/usn/USN-2807-1http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.htmlhttp://www.ubuntu.com/usn/USN-2806-1http://www.ubuntu.com/usn/USN-2800-1http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.htmlhttp://rhn.redhat.com/errata/RHSA-2015-2645.htmlhttp://www.ubuntu.com/usn/USN-2803-1https://kb.juniper.net/JSA10783https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823620https://usn.ubuntu.com/2803-1/https://access.redhat.com/security/cve/cve-2015-5307https://www.debian.org/security/./dsa-3414
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook