CVE-2015-2672 : The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux ker

The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand.

Published 2016-05-02 10:59:10

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-2672

Linux » Linux Kernel
Versions up to, including, (<=) 3.19.1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-2672

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-2672

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2015-2672

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2672

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.2

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1204729

1204729 – (CVE-2015-2672) CVE-2015-2672 kernel: unprivileged denial-of-service due to mis-protected xsave/xrstor instructions
https://github.com/torvalds/linux/commit/06c8173eb92bbfc03a0fe8bb64315857d0badd06

x86/fpu/xsaves: Fix improper uses of __ex_table · torvalds/linux@06c8173 · GitHub
Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/03/22/1

oss-security - Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions.
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06

kernel/git/torvalds/linux.git - Linux kernel source tree
Vendor Advisory

Jump to

Vulnerability Details : CVE-2015-2672

Products affected by CVE-2015-2672

Exploit prediction scoring system (EPSS) score for CVE-2015-2672

CVSS scores for CVE-2015-2672

CWE ids for CVE-2015-2672

References for CVE-2015-2672