CVE-2017-7616 in Ubuntu

CVE-2017-7616

Priority

Medium

Description

Incorrect error handling in the set_mempolicy and mbind compat syscalls in
mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to
obtain sensitive information from uninitialized stack data by triggering
failure of a certain bitmap operation.

Ubuntu-Description

It was discovered that an information leak existed in the set_mempolicy and
mbind compat syscalls in the Linux kernel. A local attacker could use this
to expose sensitive information (kernel memory).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7616
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf01fb9985e8deb25ccf0ea54d916b8871ae0e62
https://github.com/torvalds/linux/commit/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62
https://grsecurity.net/the_infoleak_that_mostly_wasnt.php
http://www.ubuntu.com/usn/usn-3293-1
http://www.ubuntu.com/usn/usn-3291-1
http://www.ubuntu.com/usn/usn-3291-2
http://www.ubuntu.com/usn/usn-3291-3
http://www.ubuntu.com/usn/usn-3361-1

Notes

jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.10 and earlier preview kernels
jdstrand> linux-lts-saucy no longer receives official support
jdstrand> linux-lts-quantal no longer receives official support

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	pending (3.13.0-129.178~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source tree: https://github.com/bq/aquaris-E5

linux-vegetahd:

needed

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [end-of-life])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Patches:

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1013.13)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.10.0-21.23)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needed ESM criteria)
Ubuntu 14.04 LTS (Trusty Tahr):	pending (3.13.0-129.178)
Ubuntu Core 15.04:	ignored (was needed ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-78.99)
Ubuntu 17.04 (Zesty Zapus):	released (4.10.0-21.23)

Patches:

Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by cf01fb9985e8deb25ccf0ea54d916b8871ae0e62

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [end-of-life])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [abandoned])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (4.4.0-78.99~14.04.2)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [end-of-life])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	pending (4.10.0-1003.3)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.10.0-21.23~16.04.1)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	pending (4.11.0-1006.6)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [abandoned])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [abandoned])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (was needed now end-of-life)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1017.26)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.10.0-1005.7)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1055.62)
Ubuntu 17.04 (Zesty Zapus):	released (4.10.0-1005.7)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	not-affected (4.4.0-1058.62)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1058.62)
Ubuntu 17.04 (Zesty Zapus):	released (4.4.0-1058.62)

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was ignored [abandoned])
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 17.04 (Zesty Zapus):	ignored (abandoned)

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.10.0-27.30~16.04.2)
Ubuntu 17.04 (Zesty Zapus):	DNE

Package

Source tree: https://github.com/bq/aquaris-E4.5

linux-krillin:

needed

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.11~rc6)
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored
Ubuntu Core 15.04:	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 17.04 (Zesty Zapus):	DNE

More Information

Updated: 2017-08-22 19:14:29 UTC (commit 13164)