Security Advisory

#CVE-2015-5307 and CVE-2015-8104

Published on November 10th, 2015

Summary Description

This security advisory address CVE-2015-5307 and CVE-2015-8104, pertaining to a bug in the Intel x86 architecture, which may cause the CPU to enter a loop if a 32-bit operating system triggers alignment exception under certain conditions.

At present this vulnerability we have not discovered exploitation vectors for any of the A10 appliances and software.

Details

Current versions of HVA are running code that does not have additional protection against this vulnerability.

However the bug is not exploitable since all software running as guest OS in HVA is under A10 control and does not exhibit the properties necessary to trigger the exception.

Mitigation Recommendations

None needed.

Vulnerability Assessment

Affected Platforms: HVA
Affected Software Versions: 1.0.x

Software Updates

Despite the lack of vulnerability A10 will deliver the software updates in the next available release after they have been published in the upstream software.

The new software images will be published at the following URL when available:
http://www.a10networks.com/support-axseries/downloads/downloads.php

The following table summarizes update versions resolving all of the above CVEs.

Vulnerable Release

Resolved Release

1.0.x