CVE-2015-0239

CVSS V2: Medium 4.4; CVSS V3: None
Description
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.
Overview
  • CVE ID: CVE-2015-0239
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Modified
  • Published Version: 2015-03-02T11:59:04
  • Last Modified Date: 2023-02-13T00:45:44
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 1 | OR | | 3.18.5 |
| cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* | 1 | OR | | |
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:L/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Base Score: 4.4
  • Severity: MEDIUM
  • Exploitability Score: 3.4
  • Impact Score: 6.4
References
| Reference URL | Reference Tags |
|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f3747379accba8e95d70cec0eae0582c8c182050 | |
| http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245 | Broken Link |
| http://rhn.redhat.com/errata/RHSA-2015-1272.html | Third Party Advisory |
| http://www.debian.org/security/2015/dsa-3170 | Third Party Advisory |
| http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 | Release Notes, Vendor Advisory |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 | Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2015/01/27/6 | Exploit, Mailing List, Third Party Advisory |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | Third Party Advisory |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | Third Party Advisory |
| http://www.securityfocus.com/bid/72842 | Third Party Advisory, VDB Entry |
| http://www.ubuntu.com/usn/USN-2513-1 | Third Party Advisory |
| http://www.ubuntu.com/usn/USN-2514-1 | Third Party Advisory |
| http://www.ubuntu.com/usn/USN-2515-1 | Third Party Advisory |
| http://www.ubuntu.com/usn/USN-2516-1 | Third Party Advisory |
| http://www.ubuntu.com/usn/USN-2517-1 | Third Party Advisory |
| http://www.ubuntu.com/usn/USN-2518-1 | Third Party Advisory |
| https://access.redhat.com/errata/RHSA-2015:1272 | |
| https://access.redhat.com/errata/RHSA-2015:2152 | |
| https://access.redhat.com/security/cve/CVE-2015-0239 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1186448 | Issue Tracking, Third Party Advisory |
| https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050 | Patch, Third Party Advisory |
History
Created Old Value New Value Data Type Notes
2022-05-10 17:31:09 Added to TrackCVE
2022-12-02 03:45:36 2015-03-02T11:59Z 2015-03-02T11:59:04 CVE Published Date updated
2022-12-02 03:45:36 2020-05-21T14:19:07 CVE Modified Date updated
2022-12-02 03:45:36 Analyzed Vulnerability Status updated
2023-02-02 21:04:54 2023-02-02T20:20:00 CVE Modified Date updated
2023-02-02 21:04:54 Analyzed Modified Vulnerability Status updated
2023-02-02 21:04:54 Description updated
  Old Value: The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.
  New Value: It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor.
2023-02-02 21:05:01 References updated
2023-02-13 01:05:46 2023-02-13T00:45:44 CVE Modified Date updated
2023-02-13 01:05:47 Description updated
  Old Value: It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor.
  New Value: The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.