CVE-2016-3713 (retired)

Priority
Description
The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel
before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or
write to the kvm_arch_vcpu data structure, and consequently obtain
sensitive information or cause a denial of service (system crash), via a
crafted ioctl call.
Ubuntu-Description
David Matlack discovered that the Kernel-based Virtual Machine (KVM)
implementation in the Linux kernel did not properly restrict variable
Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a
guest VM could use this to cause a denial of service (system crash) in the
host, expose sensitive information from the host, or possibly gain
administrative privileges in the host.
Notes
 jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are
  not supported on the Ubuntu Touch 14.10 and earlier preview kernels
 jdstrand> linux-lts-saucy no longer receives official support
 jdstrand> linux-lts-quantal no longer receives official support
 sbeattie> x86 issue only
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-22.40)
Patches:
Introduced by 910a6aae4e2e45855efc4a268e43eed2d8445575
Fixed by 9842df62004f366b9fed2423e24df10542ee0dc5
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (4.4.0-1002.2)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1001.10)
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1003.3)
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.8.0-36.36~16.04.1)
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.8.0-36.36~16.04.1)
Package
linux-krillin:not-affected (x86 only)
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):released (4.2.0-36.42~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):released (4.4.0-22.40~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (x86 only)
Package
Upstream:not-affected (x86 only)
Ubuntu 14.04 LTS (Trusty Tahr):ignored
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (x86 only)
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (x86 only)
Package
Upstream:released (4.7~rc1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
linux-vegetahd:not-affected (x86 only)
More Information

Updated: 2019-03-26 12:19:57 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)