[sssForm]

Security Advisory

#CVE-2015-5307 and CVE-2015-8104
Published: November 10, 2015
Last Update: November 10, 2015
Summary

This security advisory address CVE-2015-5307 and CVE-2015-8104, pertaining to a bug in the Intel x86 architecture, which may cause the CPU to enter a loop if a 32-bit operating system triggers alignment exception under certain conditions.

At present this vulnerability we have not discovered exploitation vectors for any of the A10 appliances and software.

Details

Current versions of HVA are running code that does not have additional protection against this vulnerability.

However the bug is not exploitable since all software running as guest OS in HVA is under A10 control and does not exhibit the properties necessary to trigger the exception.

Affected Releases
Workarounds and Mitigations

None needed.

Software Updates

Despite the lack of vulnerability A10 will deliver the software updates in the next available release after they have been published in the upstream software.

The new software images will be published at the following URL when available: click here

The following table summarizes update versions resolving all of the above CVEs.

Vulnerable Release

Resolved Release

1.0.x

Vulnerability Details

Affected Platforms: HVA
Affected Software Versions: 1.0.x

Vulnerability ID Vulnerability Description
Related Links
Ref # General Link
Acknowledgements
Modification History
Revision Date Description
1.0 April 18, 2018

Created web page