Name | CVE-2015-5307 |
Description | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-479-1, DSA-3396-1, DSA-3414-1, DSA-3454-1 |
Debian Bugs | 823620 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
linux (PTS) | bullseye | 5.10.223-1 | fixed |
bullseye (security) | 5.10.226-1 | fixed | |
bookworm | 6.1.115-1 | fixed | |
bookworm (security) | 6.1.119-1 | fixed | |
trixie | 6.12.5-1 | fixed | |
sid | 6.12.6-1 | fixed | |
virtualbox (PTS) | sid/contrib | 7.0.20-dfsg-1 | fixed |
xen (PTS) | bullseye | 4.14.6-1 | fixed |
bullseye (security) | 4.14.5+94-ge49571868d-1 | fixed | |
bookworm | 4.17.3+10-g091466ba55-1~deb12u1 | fixed | |
trixie | 4.17.3+36-g54dacb5c02-1 | fixed | |
sid | 4.19.1-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
linux | source | wheezy | 3.2.68-1+deb7u6 | DSA-3396-1 | ||
linux | source | jessie | 3.16.7-ckt11-1+deb8u6 | DSA-3396-1 | ||
linux | source | (unstable) | 4.2.6-1 | |||
linux-2.6 | source | (unstable) | (unfixed) | |||
virtualbox | source | wheezy | (unfixed) | end-of-life | ||
virtualbox | source | jessie | 4.3.36-dfsg-1+deb8u1 | DSA-3454-1 | ||
virtualbox | source | (unstable) | 5.0.10-dfsg-1 | |||
xen | source | squeeze | (unfixed) | end-of-life | ||
xen | source | wheezy | 4.1.6.1-1+deb7u1 | DLA-479-1 | ||
xen | source | jessie | 4.4.1-9+deb8u3 | DSA-3414-1 | ||
xen | source | (unstable) | 4.8.0~rc3-1 | 823620 |
[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
http://xenbits.xen.org/xsa/advisory-156.html
[wheezy] - virtualbox <end-of-life> (DSA 3454)
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR