{
  "threat_severity" : "Important",
  "public_date" : "2015-11-10T00:00:00Z",
  "bugzilla" : {
    "description" : "virt: guest to host DoS by triggering an infinite loop in microcode via #AC exception",
    "id" : "1277172",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1277172"
  },
  "cvss" : {
    "cvss_base_score" : "5.2",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:S/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-835",
  "details" : [ "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.", "It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel." ],
  "statement" : "This issue affects the version of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5.\nThis issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production Phase 3 of the support and maintenance life cycle. Thus it is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
  "acknowledgement" : "Red Hat would like to thank Ben Serebrin (Google Inc.) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-12-15T00:00:00Z",
    "advisory" : "RHSA-2015:2636",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-573.12.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.2 Advanced Update Support",
    "release_date" : "2016-01-19T00:00:00Z",
    "advisory" : "RHSA-2016:0046",
    "cpe" : "cpe:/o:redhat:rhel_mission_critical:6.2",
    "package" : "kernel-0:2.6.32-220.65.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.4 Advanced Update Support",
    "release_date" : "2016-01-07T00:00:00Z",
    "advisory" : "RHSA-2016:0004",
    "cpe" : "cpe:/o:redhat:rhel_aus:6.4",
    "package" : "kernel-0:2.6.32-358.69.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.5 Advanced Update Support",
    "release_date" : "2015-12-15T00:00:00Z",
    "advisory" : "RHSA-2015:2645",
    "cpe" : "cpe:/o:redhat:rhel_aus:6.5",
    "package" : "kernel-0:2.6.32-431.68.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.6 Extended Update Support",
    "release_date" : "2016-01-12T00:00:00Z",
    "advisory" : "RHSA-2016:0024",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.6",
    "package" : "kernel-0:2.6.32-504.40.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-12-08T00:00:00Z",
    "advisory" : "RHSA-2015:2552",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-327.3.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.1 Extended Update Support",
    "release_date" : "2015-12-09T00:00:00Z",
    "advisory" : "RHSA-2015:2587",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.1",
    "package" : "kernel-0:3.10.0-229.24.2.ael7b"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "xen",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-5307\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5307" ],
  "name" : "CVE-2015-5307",
  "csaw" : false
}