CVE-2015-5307

NameCVE-2015-5307
DescriptionThe KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-479-1, DSA-3396-1, DSA-3414-1, DSA-3454-1
NVD severitymedium
Debian Bugs823620

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)stretch4.9.228-1fixed
stretch (security)4.9.210-1+deb9u1fixed
buster4.19.132-1fixed
buster (security)4.19.118-2+deb10u1fixed
bullseye, sid5.7.10-1fixed
virtualbox (PTS)sid/contrib6.1.12-dfsg-8fixed
xen (PTS)stretch (security), stretch4.8.5.final+shim4.10.4-1+deb9u12fixed
buster, buster (security)4.11.4+24-gddaaccbbab-1~deb10u1fixed
bullseye, sid4.11.4+24-gddaaccbbab-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcewheezy3.2.68-1+deb7u6DSA-3396-1
linuxsourcejessie3.16.7-ckt11-1+deb8u6DSA-3396-1
linuxsource(unstable)4.2.6-1
linux-2.6source(unstable)(unfixed)
virtualboxsourcewheezy(unfixed)end-of-life
virtualboxsourcejessie4.3.36-dfsg-1+deb8u1DSA-3454-1
virtualboxsource(unstable)5.0.10-dfsg-1
xensourcesqueeze(unfixed)end-of-life
xensourcewheezy4.1.6.1-1+deb7u1DLA-479-1
xensourcejessie4.4.1-9+deb8u3DSA-3414-1
xensource(unstable)4.8.0~rc3-1823620

Notes

[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
http://xenbits.xen.org/xsa/advisory-156.html
[wheezy] - virtualbox <end-of-life> (DSA 3454)
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR

Search for package or bug name: Reporting problems