CVE-2015-5307
virtualbox - security update
EPSS 0.10%
Description
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
How to fix CVE-2015-5307
To remediate CVE-2015-5307, upgrade each affected package to the fixed version listed below or later.
- Debian/linux—upgrade to 4.2.6-1 or later
- Debian/linux—upgrade to 3.2.68-1+deb7u6 or later
- Debian/virtualbox—upgrade to 4.3.36-dfsg-1+deb8u1 or later
- —upgrade to 4.8.0~rc3-1 or later
Is CVE-2015-5307 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 4.2.6-1
- from 0, < 3.2.68-1+deb7u6
- from 0, < 4.3.36-dfsg-1+deb8u1
- from 0, < 4.8.0~rc3-1