CVE-2015-3290 Linux Kernel NMI Vulnerability
Severity
High
Vendor
Canonical Ubuntu
Versions Affected
- Canonical Ubuntu - Kernel 3.19
Description
A flaw was found in the Linux kernel’s handling of nested non-maskable interrupts (NMIs). This flaw could allow an unprivileged local user to escalate their privileges or potentially cause a denial of service through a system crash.
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- The Cloud Foundry project BOSH stemcells version 3025 or earlier contain this vulnerability.
- Pivotal Elastic Runtime 1.5.1 references stemcells that contain this vulnerability.
- OpsManager 1.5.1 includes stemcells with this vulnerability.
Mitigation
Users of affected versions should apply the following mitigations:
- The Cloud Foundry project has released BOSH stemcell 3026, which contains a patched version of the Linux kernel. It is recommended that Cloud Foundry Runtime deployments apply stemcell version 3026 or greater.
- Pivotal recommends that customers upgrade to the 1.5.2 versions of the Ops Manager and Elastic Runtime products, which are now available on Pivotal Network. These new versions reference patched stemcells that resolve the identified vulnerability.
Credit
Andy Lutomirski