Description
It was discovered in the Linux kernel before 4.11-rc8 that root can gain
direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or
'.builtin_trusted_keys' upstream, by joining it as its session keyring.
This allows root to bypass module signature verification by adding a new
public key of its own devising to the keyring.
Ubuntu-Description
It was discovered that the keyring implementation in the Linux kernel in
some situations did not prevent special internal keyrings from being joined
by userspace keyrings. A privileged local attacker could use this to bypass
module verification.
Notes
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.10 and earlier preview kernels
linux-lts-saucy no longer receives official support
linux-lts-quantal no longer receives official support |
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was needed)
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
This package is not directly supported by the Ubuntu Security Team
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | not-affected
(4.4.0-1002.2)
|
Ubuntu 16.04 LTS (Xenial Xerus): | released
(4.4.0-1018.27)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | not-affected
(4.15.0-1023.24~14.04.1)
|
Ubuntu 16.04 LTS (Xenial Xerus): | not-affected
(4.11.0-1009.9)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | ignored
(was needed ESM criteria)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was ignored)
|
Ubuntu 16.04 LTS (Xenial Xerus): | ignored
(abandoned)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | not-affected
(4.10.0-1004.4)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | released
(4.4.0-1014.14)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was ignored)
|
Ubuntu 16.04 LTS (Xenial Xerus): | ignored
(abandoned)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was ignored)
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | released
(4.10.0-27.30~16.04.2)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | released
(4.10.0-27.30~16.04.2)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Product
linux-krillin: | ignored
(was needed now end-of-life)
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | not-affected
(4.4.0-1004.9)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was ignored [abandoned])
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was ignored [abandoned])
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was ignored [abandoned])
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was ignored [end-of-life])
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Patches:
This package is not directly supported by the Ubuntu Security Team
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was ignored [end-of-life])
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was ignored [end-of-life])
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
This package is not directly supported by the Ubuntu Security Team
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | released
(3.13.0-132.181~precise1)
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was ignored [out of standard support])
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was ignored [was needed now end-of-life])
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was ignored [out of standard support])
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | released
(4.4.0-79.100~14.04.1)
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was ignored)
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was ignored)
|
Ubuntu 16.04 LTS (Xenial Xerus): | ignored
(abandoned)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was ignored)
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | not-affected
(4.13.0-1008.9)
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was ignored [abandoned])
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Package
Upstream: | released
(4.11~rc8)
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was needed)
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Product
linux-vegetahd: | ignored
(was needed now end-of-life)
|
Updated: 2019-12-05 18:46:47 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)