USN-2689-1

Description

linux-lts-utopic vulnerabilities Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. (CVE-2015-3290) Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). (CVE-2015-1333) Andy Lutomirski discovered a flaw that allows user to cause the Linux kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged user could exploit this flaw to potentially cause the system to miss important NMIs resulting in unspecified effects. (CVE-2015-3291) Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable interrupt) that interrupts userspace and encounters an IRET fault is incorrectly handled by the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (kernel OOPs), corruption, or potentially escalate privileges on the system. (CVE-2015-5157)

Affected Systems

• ubuntu•linux-lts-utopic

  < 3.16.0-45.60~14.04.1

References (5)

• https://ubuntu.com/security/notices/USN-2689-1
• https://ubuntu.com/security/CVE-2015-1333
• https://ubuntu.com/security/CVE-2015-3290
• https://ubuntu.com/security/CVE-2015-3291
• https://ubuntu.com/security/CVE-2015-5157