CVE-2015-0239

Advisory lineage Upstream: 0 Downstream: 10
Modified
Published: 02 Mar 2015, 11:00
Last modified:06 Aug 2024, 04:03

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
4.4 MEDIUM
v2.0 (nvd)
EPSS Score
0.1% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

02 Mar 2015, 11:00
Published
Vulnerability first disclosed
06 Aug 2024, 04:03
Last Modified
Vulnerability information updated

Description

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.

CVSS Metrics

  • v2.0MEDIUMScore: 4.4AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.10% Percentile: 27%

Techniques & Countermeasures

  • CWE-269Improper Privilege Management

    The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Systems

  • canonicalubuntu_linux

    12.04 | 14.04 | 14.10

  • debiandebian_linux

    7.0 | 8.0

  • linuxlinux_kernel

    < 3.18.5

  • oraclelinux

    5 | 7

  • redhatenterprise_linux_desktop

    6.0

  • redhatenterprise_linux_server

    6.0

  • redhatenterprise_linux_workstation

    6.0

References (18)