CVE-2016-9083 in Ubuntu

CVE-2016-9083

Priority

Medium

Description

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local
users to bypass integer overflow checks, and cause a denial of service
(memory corruption) or have unspecified other impact, by leveraging access
to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a
"state machine confusion bug."

Ubuntu-Description

Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO
PCI driver for the Linux kernel. A local attacker with access to a vfio PCI
device file could use this to cause a denial of service (system crash) or
possibly execute arbitrary code.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9083
https://patchwork.kernel.org/patch/9373631/
http://www.ubuntu.com/usn/usn-3312-1
http://www.ubuntu.com/usn/usn-3312-2
http://www.ubuntu.com/usn/usn-3361-1
http://www.ubuntu.com/usn/usn-3422-1
http://www.ubuntu.com/usn/usn-3422-2

Notes

jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.10 and earlier preview kernels
jdstrand> linux-lts-saucy no longer receives official support
jdstrand> linux-lts-quantal no longer receives official support

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	released (3.13.0-132.181~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.4.0-1004.9)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source tree: https://github.com/bq/aquaris-E5

linux-vegetahd:

not-affected

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [end-of-life])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Patches:

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1014.14)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.10.0-19.21)
Ubuntu 12.04 ESM (Precise Pangolin):	not-affected
Ubuntu 14.04 LTS (Trusty Tahr):	released (3.13.0-132.181)
Ubuntu Core 15.04:	ignored (was needed ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-79.100)
Ubuntu 17.04 (Zesty Zapus):	not-affected (4.9.0-11.12)

Patches:

Introduced by 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153

Fixed by 05692d7005a364add85c6e25a6c4447ce08f913a

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was not-affected)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [end-of-life])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was not-affected)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [abandoned])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (4.4.0-79.100~14.04.1)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [end-of-life])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.10.0-1004.4)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.10.0-14.16~16.04.1)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.11.0-1009.9)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [abandoned])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [abandoned])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (was needed now end-of-life)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	pending (4.4.0-1001.1)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1018.27)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.10.0-1004.6)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	ignored (was needed now end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1057.64)
Ubuntu 17.04 (Zesty Zapus):	not-affected (4.10.0-1001.3)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.4.0-1059.63)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1059.63)
Ubuntu 17.04 (Zesty Zapus):	released (4.4.0-1059.63)

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [abandoned])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needed
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 17.04 (Zesty Zapus):	not-affected

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.10.0-27.30~16.04.2)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source tree: https://github.com/bq/aquaris-E4.5

linux-krillin:

not-affected

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.9~rc4)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 17.04 (Zesty Zapus):	DNE

More Information

Updated: 2017-09-21 20:14:23 UTC (commit 13377)