CVE-2015-2666 (retired)

Priority
Description
Stack-based buffer overflow in the get_matching_model_microcode function in
arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0
allows context-dependent attackers to gain privileges by constructing a
crafted microcode header and leveraging root privileges for write access to
the initrd.
Ubuntu-Description
A stack overflow was discovered in the the microcode loader for the intel
x86 platform. A local attacker could exploit this flaw to cause a denial of
service (kernel crash) or to potentially execute code with kernel
privileges.
Notes
 jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are
  not supported on the Ubuntu Touch 14.10 and earlier preview kernels
 jdstrand> linux-lts-saucy no longer receives official support
 jdstrand> linux-lts-quantal no longer receives official support
 sbeattie> introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec400ddeff200b068ddc6c70f7321f49ecf32ed5 (v3.9-rc1)
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):released (3.13.0-51.84)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-16.19)
Patches:
Introduced by ec400ddeff200b068ddc6c70f7321f49ecf32ed5Fixed by f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):released (3.16.0-36.48~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.19.0-18.18~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.2.0-1014.21)
Package
Upstream:released (4.0~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-03-26 12:14:51 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)