CVE-2016-9644 (retired)

Priority
Description
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux
kernel 4.4.22 through 4.4.28 contains extended asm statements that are
incompatible with the exception table, which allows local users to obtain
root access on non-SMEP platforms via a crafted application. NOTE: this
vulnerability exists because of incorrect backporting of the CVE-2016-9178
patch to older kernels.
Ubuntu-Description
It was discovered that the __get_user_asm_ex implementation in the Linux
kernel for x86/x86_64 contained extended asm statements that were
incompatible with the exception table. A local attacker could use this to
gain administrative privileges.
Notes
sbeattie: 1c109fabbd51863475cd12ac206bdd249aee35af
was applied to the 4.4 stable series (in xenial
as 1c109fabbd51863475cd12ac206bdd249aee35af) to fix
CVE-2016-9178, and then got reverted from stable in 4.4.30
(in xenial as 2da13e7f631bb13658e00e61fdea050da25e69e7).
548acf19234dbda5a52d5a8e7e205af46e9da840 was
also very briefly applied to stable in 4.4.29, but
reverted at the same time due to problems (in xenial as
102d19689b2dd4f639a14dfd3f52ce19b5d7bb17). For xenial/4.4
derived kernels, this CVE is fixed with the reversion in
2da13e7f631bb13658e00e61fdea050da25e69e7. However, this leaves
CVE-2016-9178 unfixed.
Package
Source: linux
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-51.72)
Patches:
Introduced by 1c109fabbd51863475cd12ac206bdd249aee35af
Fixed by 548acf19234dbda5a52d5a8e7e205af46e9da840
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1001.10)
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1003.3)
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.8.0-36.36~16.04.1)
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.8.0-36.36~16.04.1)
Product
linux-krillin:not-affected
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.4.0-1038.45)
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1042.46)
Package
Upstream:released (4.8~rc7)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Product
linux-vegetahd:not-affected
Updated: 2019-10-09 07:57:53 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)