CVE-2015-7513

medium

Description

arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html

http://www.debian.org/security/2016/dsa-3434

http://www.openwall.com/lists/oss-security/2016/01/07/2

http://www.securityfocus.com/bid/79901

http://www.securitytracker.com/id/1034602

http://www.ubuntu.com/usn/USN-2886-1

http://www.ubuntu.com/usn/USN-2887-1

http://www.ubuntu.com/usn/USN-2887-2

http://www.ubuntu.com/usn/USN-2888-1

http://www.ubuntu.com/usn/USN-2889-1

http://www.ubuntu.com/usn/USN-2889-2

http://www.ubuntu.com/usn/USN-2890-1

http://www.ubuntu.com/usn/USN-2890-2

http://www.ubuntu.com/usn/USN-2890-3

https://bugzilla.redhat.com/show_bug.cgi?id=1284847

https://github.com/torvalds/linux/commit/0185604c2d82c560dab2f2933a18f797e74ab5a8

Details

Source: MITRE

Published: 2016-02-08

Updated: 2017-11-04

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:rc8:*:*:*:*:*:* versions up to 4.4 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
124826 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1503) | Nessus | Huawei Local Security Checks | critical
124812 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488) | Nessus | Huawei Local Security Checks | medium
96903 | SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1) | Nessus | SuSE Local Security Checks | critical
95536 | SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2976-1) | Nessus | SuSE Local Security Checks | critical
94303 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-1227) (Dirty COW) | Nessus | SuSE Local Security Checks | critical
93679 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0100) | Nessus | OracleVM Local Security Checks | critical
93370 | SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2245-1) | Nessus | SuSE Local Security Checks | critical
93148 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3596) | Nessus | Oracle Linux Local Security Checks | critical
89600 | Fedora 23 : kernel-4.3.3-303.fc23 (2016-b59fd603be) | Nessus | Fedora Local Security Checks | high
89554 | Fedora 22 : kernel-4.3.4-200.fc22 (2016-5d43766e33) | Nessus | Fedora Local Security Checks | critical
89497 | Fedora 23 : kernel-4.3.3-301.fc23 (2016-26e19f042a) | Nessus | Fedora Local Security Checks | medium
88526 | Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-2890-3) | Nessus | Ubuntu Local Security Checks | critical
88525 | Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2890-2) | Nessus | Ubuntu Local Security Checks | critical
88524 | Ubuntu 15.10 : linux vulnerabilities (USN-2890-1) | Nessus | Ubuntu Local Security Checks | critical
88523 | Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2889-2) | Nessus | Ubuntu Local Security Checks | critical
88522 | Ubuntu 15.04 : linux vulnerabilities (USN-2889-1) | Nessus | Ubuntu Local Security Checks | critical
88521 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2888-1) | Nessus | Ubuntu Local Security Checks | high
88520 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2887-2) | Nessus | Ubuntu Local Security Checks | medium
88519 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2887-1) | Nessus | Ubuntu Local Security Checks | medium
88518 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2886-1) | Nessus | Ubuntu Local Security Checks | high
87741 | Debian DSA-3434-1 : linux - security update | Nessus | Debian Local Security Checks | high