Published: Tuesday, November 10th, 2015
Last Update: Tuesday, November 10th, 2015
This security advisory address CVE-2015-5307 and CVE-2015-8104, pertaining to a bug in the Intel x86 architecture, which may cause the CPU to enter a loop if a 32-bit operating system triggers alignment exception under certain conditions.
At present this vulnerability we have not discovered exploitation vectors for any of the A10 appliances and software.
Current versions of HVA are running code that does not have additional protection against this vulnerability.
However the bug is not exploitable since all software running as guest OS in HVA is under A10 control and does not exhibit the properties necessary to trigger the exception.
Workarounds and Mitigations
Despite the lack of vulnerability A10 will deliver the software updates in the next available release after they have been published in the upstream software.
The new software images will be published at the following URL when available: click here
The following table summarizes update versions resolving all of the above CVEs.
Affected Platforms: HVA
Affected Software Versions: 1.0.x