#VU2590 Privilege escalation in Linux kernel - CVE-2015-5157

Cybersecurity Help s.r.o.

Published: 2016-12-21 | Updated: 2018-04-16

Vulnerability identifier: #VU2590

Vulnerability risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2015-5157

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in arch/x86/entry/entry_64.S on the x86_64 platform due to mishandling of IRET faults in processing NMIs that occurred during userspace execution. A local attacker can trigger NMI and bypass security restrictions.

Mitigation
Update to version 4.1.6.

Vulnerable software versions

Linux kernel: 4.1.1 - 4.1.4

External links
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for kernel

Red Hat update for kernel-rt

Red Hat update for kernel

Multiple vulnerabilities in Linux Kernel