** Also affects: linux (Ubuntu Wily)
Importance: Medium
Status: Fix Released
** Also affects: linux-fsl-imx51 (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-mvl-dove (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-ec2 (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-ti-omap4 (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-lts-backport-maverick (Ubuntu Wily)
Importance: Undecided
Status: New
** Also affects: linux-lts-backport-natty (Ubuntu Wily)
Importance: Undecided
Status: New
** Also affects: linux-armadaxp (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-lts-quantal (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-lts-raring (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-lts-saucy (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-mako (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-manta (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-goldfish (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-flo (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-lts-trusty (Ubuntu Wily)
Importance: Medium
Status: Invalid
** Also affects: linux-lts-utopic (Ubuntu Wily)
Importance: Medium
Status: Invalid
** No longer affects: linux-lts-trusty (Ubuntu Lucid)
** No longer affects: linux-armadaxp (Ubuntu Lucid)
** No longer affects: linux-ec2 (Ubuntu Lucid)
** No longer affects: linux-goldfish (Ubuntu Lucid)
** No longer affects: linux-lts-saucy (Ubuntu Lucid)
** No longer affects: linux-lts-quantal (Ubuntu Lucid)
** No longer affects: linux-mvl-dove (Ubuntu Lucid)
** No longer affects: linux-ti-omap4 (Ubuntu Lucid)
** No longer affects: linux-lts-vivid (Ubuntu Lucid)
** No longer affects: linux (Ubuntu Lucid)
** No longer affects: linux-mako (Ubuntu Lucid)
** No longer affects: linux-fsl-imx51 (Ubuntu Lucid)
** No longer affects: linux-lts-utopic (Ubuntu Lucid)
** No longer affects: linux-flo (Ubuntu Lucid)
** No longer affects: linux-lts-raring (Ubuntu Lucid)
** No longer affects: linux-manta (Ubuntu Lucid)
** Changed in: linux-lts-vivid (Ubuntu Precise)
Status: New => Invalid
** Changed in: linux-lts-vivid (Ubuntu Precise)
Importance: Undecided => Medium
** Changed in: linux-lts-vivid (Ubuntu Vivid)
Status: New => Invalid
** Changed in: linux-lts-vivid (Ubuntu Vivid)
Importance: Undecided => Medium
** Changed in: linux-lts-vivid (Ubuntu Wily)
Status: New => Invalid
** Changed in: linux-lts-vivid (Ubuntu Wily)
Importance: Undecided => Medium
** Changed in: linux-lts-vivid (Ubuntu Utopic)
Status: New => Invalid
** Changed in: linux-lts-vivid (Ubuntu Utopic)
Importance: Undecided => Medium
** Changed in: linux-lts-vivid (Ubuntu Trusty)
Status: New => Fix Committed
** Changed in: linux-lts-vivid (Ubuntu Trusty)
Importance: Undecided => Medium
** Description changed:
- [execution in the early microcode loader x86/intel]
- Guard against stack overflow in the loader
- mc_saved_tmp is a static array allocated on the stack, we need to make sure
mc_saved_count stays within its bounds, otherwise we're overflowing the stack
in _save_mc(). A specially crafted microcode header could lead to a kernel
crash or potentially kernel execution.
+ [execution in the early microcode loader x86/intel] Guard against stack
+ overflow in the loader mc_saved_tmp is a static array allocated on the
+ stack, we need to make sure mc_saved_count stays within its bounds,
+ otherwise we're overflowing the stack in _save_mc(). A specially crafted
+ microcode header could lead to a kernel crash or potentially kernel
+ execution.
Break-Fix: ec400ddeff200b068ddc6c70f7321f49ecf32ed5
f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1438504
Title:
CVE-2015-2666
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1438504/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
