#CVE-2015-5307 and CVE-2015-8104

Tuesday, November 10, 2015
Summary 

This security advisory address CVE-2015-5307 and CVE-2015-8104, pertaining to a bug in the Intel x86 architecture, which may cause the CPU to enter a loop if a 32-bit operating system triggers alignment exception under certain conditions.

At present this vulnerability we have not discovered exploitation vectors for any of the A10 appliances and software.

Details

Current versions of HVA are running code that does not have additional protection against this vulnerability.

However the bug is not exploitable since all software running as guest OS in HVA is under A10 control and does not exhibit the properties necessary to trigger the exception.

Workarounds and Mitigations 

None needed.

Software Updates 

Despite the lack of vulnerability A10 will deliver the software updates in the next available release after they have been published in the upstream software.

The new software images will be published at the following URL when available:
http://www.a10networks.com/support-axseries/

The following table summarizes update versions resolving all of the above CVEs.

Vulnerable Release

Resolved Release

1.0.x

 

Vulnerability Details

Affected Platforms: HVA
Affected Software Versions: 1.0.x

Modification History 
RevisionDateDescription
1.0
April 18, 2018

Created web page