CVE-2015-8709

Priority
Description
** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles
uid and gid mappings, which allows local users to gain privileges by
establishing a user namespace, waiting for a root process to enter that
namespace with an unsafe uid or gid, and then using the ptrace system call.
NOTE: the vendor states "there is no kernel bug here."
Ubuntu-Description
Jann Horn discovered a ptrace issue with user namespaces in the Linux
kernel. The namespace owner could potentially exploit this flaw by ptracing
a root owned process entering the user namespace to elevate its privileges
and potentially gain access outside of the namespace.
(http://bugs.launchpad.net/bugs/1527374, CVE-2015-8709)
Notes
sbeattiepublished fix has been reverted and replaced by upstream
commit. Published kernels are not vulnerable to this, the status is
tracking the state of the replaced commit coming through the trees.
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (no userns support)
Ubuntu 14.04 ESM (Trusty Tahr):released (3.13.0-103.150)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-51.72)
Patches:
Introduced by
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by
bfedb589252c01fa505ac9f6f2a3d5d68d707ef4
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (4.4.0-1002.2)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1001.10)
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1003.3)
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.8.0-36.36~16.04.1)
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.8.0-36.36~16.04.1)
Product
linux-krillin:ignored (was needed now end-of-life)
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [end-of-life])
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [end-of-life])
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [end-of-life])
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):released (3.13.0-103.150~precise1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [3.16.0-57.77~14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [3.19.0-75.83~14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [4.2.0-22.27~14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.4.0-51.72~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored [abandoned])
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1038.45)
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1042.46)
Package
Upstream:released (4.10~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [no userns support])
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Product
linux-vegetahd:ignored (was needed now end-of-life)
More Information

Updated: 2019-12-05 18:43:24 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)