| Description: | Summary:
The remote host is missing an update for the 'linux-lts-trusty'
package(s) announced via the referenced advisory.
Vulnerability Insight:
Andy Lutomirski discovered a flaw in the
Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged
local user could exploit this flaw to cause a denial of service (system crash) or
potentially escalate their privileges. (CVE-2015-3290)
Colin King discovered a flaw in the add_key function of the Linux kernel's
keyring subsystem. A local user could exploit this flaw to cause a denial
of service (memory exhaustion). (CVE-2015-1333)
Andy Lutomirski discovered a flaw that allows user to cause the Linux
kernel to ignore some NMIs (non-maskable interrupts). A local unprivileged
user could exploit this flaw to potentially cause the system to miss
important NMIs resulting in unspecified effects. (CVE-2015-3291)
Andy Lutomirski and Petr Matousek discovered that an NMI (non-maskable
interrupt) that interrupts userspace and encounters an IRET fault is
incorrectly handled by the Linux kernel. An unprivileged local user could
exploit this flaw to cause a denial of service (kernel OOPs), corruption,
or potentially escalate privileges on the system. (CVE-2015-5157)
Affected Software/OS:
linux-lts-trusty on Ubuntu 12.04 LTS
Solution:
Please Install the Updated Packages.
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
