CVE-2016-9756 in Ubuntu

CVE-2016-9756

Priority

Medium

Description

arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly
initialize Code Segment (CS) in certain error cases, which allows local
users to obtain sensitive information from kernel stack memory via a
crafted application.

Ubuntu-Description

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel
did not properly initialize the Code Segment (CS) in certain error cases. A
local attacker could use this to expose sensitive information (kernel
memory).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9756
https://bugzilla.redhat.com/show_bug.cgi?id=1400468
http://www.ubuntu.com/usn/usn-3167-1
http://www.ubuntu.com/usn/usn-3167-2
http://www.ubuntu.com/usn/usn-3168-1
http://www.ubuntu.com/usn/usn-3168-2
http://www.ubuntu.com/usn/usn-3169-1
http://www.ubuntu.com/usn/usn-3169-2
http://www.ubuntu.com/usn/usn-3170-1

Notes

jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.10 and earlier preview kernels
jdstrand> linux-lts-saucy no longer receives official support
jdstrand> linux-lts-quantal no longer receives official support

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source tree: https://github.com/bq/aquaris-E5

linux-vegetahd:

not-affected

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Patches:

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.4.0-1003.3)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.10.0-19.21)
Ubuntu 14.04 LTS (Trusty Tahr):	released (3.13.0-107.154)
Ubuntu Core 15.04:	released (3.19.0-79.87)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-59.80)
Ubuntu 17.04 (Zesty Zapus):	not-affected (4.9.0-11.12)

Patches:

Introduced by d1442d85cc30ea75f7d399474ca738e0bc96f715

Fixed by 2117d5398c81554fbf803f5fd1dc55eb78216c0c

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (4.4.0-59.80~14.04.1)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.8.0-34.36~16.04.1)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (3.19.0-79.87~14.04.1)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1003.12)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.10.0-1004.6)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	ignored (was needed now end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (x86 only)
Ubuntu 17.04 (Zesty Zapus):	not-affected (4.8.0-1024.27)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.4.0-1050.54)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (x86 only)
Ubuntu 17.04 (Zesty Zapus):	not-affected (4.4.0-1046.50)

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	not-affected
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 17.04 (Zesty Zapus):	not-affected

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.8.0-36.36~16.04.1)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source tree: https://github.com/bq/aquaris-E4.5

linux-krillin:

not-affected

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.9~rc7)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 17.04 (Zesty Zapus):	DNE

More Information

Updated: 2017-08-11 23:55:31 UTC (commit 13081)