Launchpad.net

CVE 2015-8709

kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here.

Related bugs and status

CVE-2015-8709 (Candidate) is related to these bugs:

Bug #1527374: CVE-2015-8709

		In	Importance	Status
1527374	CVE-2015-8709	linux (Ubuntu)	Medium	Fix Released
1527374	CVE-2015-8709	linux (Ubuntu Wily)	Medium	Fix Released
1527374	CVE-2015-8709	linux (Ubuntu Trusty)	Medium	Fix Released
1527374	CVE-2015-8709	linux (Ubuntu Xenial)	Medium	Fix Released
1527374	CVE-2015-8709	linux (Ubuntu Vivid)	Medium	Fix Released
1527374	CVE-2015-8709	linux-lts-vivid (Ubuntu)	Undecided	Fix Released
1527374	CVE-2015-8709	linux-lts-wily (Ubuntu)	Undecided	Fix Released
1527374	CVE-2015-8709	linux-lts-utopic (Ubuntu)	Undecided	Fix Released
1527374	CVE-2015-8709	linux (Ubuntu Precise)	Medium	Invalid
1527374	CVE-2015-8709	linux-lts-trusty (Ubuntu Precise)	Medium	Fix Released
1527374	CVE-2015-8709	linux-armadaxp (Ubuntu)	Undecided	Confirmed
1527374	CVE-2015-8709	linux-goldfish (Ubuntu)	Undecided	Confirmed
1527374	CVE-2015-8709	linux-lts-saucy (Ubuntu)	Medium	Won't Fix
1527374	CVE-2015-8709	linux-lts-quantal (Ubuntu)	Medium	Won't Fix
1527374	CVE-2015-8709	linux-flo (Ubuntu)	Undecided	Confirmed
1527374	CVE-2015-8709	linux-raspi2 (Ubuntu)	Undecided	Fix Released
1527374	CVE-2015-8709	linux-mako (Ubuntu)	Undecided	Confirmed
1527374	CVE-2015-8709	linux-ti-omap4 (Ubuntu)	Undecided	Confirmed
1527374	CVE-2015-8709	linux-lts-raring (Ubuntu)	Medium	Won't Fix
1527374	CVE-2015-8709	linux-manta (Ubuntu)	Undecided	Confirmed
1527374	CVE-2015-8709	linux-lts-xenial (Ubuntu)	Undecided	New
1527374	CVE-2015-8709	linux-snapdragon (Ubuntu)	Undecided	New

See the

CVE page on cve.org for more details.

Launchpad.net

CVE 2015-8709

Related bugs and status

Related bugs

References