Ubuntu
linux-raspi2 package

CVE-2016-0728

Bug #1534887 reported by Steve Beattie on 2016-01-16

260

This bug affects 1 person

	Status	Importance	Assigned to
linux (Ubuntu)	Fix Released	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Fix Released	High	Unassigned
Vivid	Fix Released	High	Unassigned
Wily	Fix Released	High	Unassigned
Xenial	Fix Released	High	Unassigned
Yakkety	Fix Released	High	Unassigned
linux-armadaxp (Ubuntu)	Invalid	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	Invalid	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned
linux-flo (Ubuntu)	New	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	New	High	Unassigned
Xenial	New	High	Unassigned
Yakkety	New	High	Unassigned
linux-goldfish (Ubuntu)	New	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	New	High	Unassigned
Xenial	New	High	Unassigned
Yakkety	New	High	Unassigned
linux-lts-quantal (Ubuntu)	Invalid	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	Invalid	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned
linux-lts-raring (Ubuntu)	Invalid	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	Invalid	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned
linux-lts-saucy (Ubuntu)	Invalid	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	Invalid	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned
linux-lts-trusty (Ubuntu)	Invalid	High	Unassigned
Precise	Fix Released	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	Invalid	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned
linux-lts-utopic (Ubuntu)	Invalid	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Fix Released	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	Invalid	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned
linux-lts-vivid (Ubuntu)	Invalid	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Fix Released	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	Invalid	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned
linux-lts-wily (Ubuntu)	Invalid	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Fix Released	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	Invalid	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned
linux-lts-xenial (Ubuntu)	Invalid	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Fix Committed	High	Unassigned
Vivid	New	Undecided	Unassigned
Wily	Invalid	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned
linux-mako (Ubuntu)	New	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	New	High	Unassigned
Xenial	New	High	Unassigned
Yakkety	New	High	Unassigned
linux-manta (Ubuntu)	Invalid	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	New	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned
linux-raspi2 (Ubuntu)	Fix Committed	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	Fix Released	High	Unassigned
Xenial	Fix Committed	High	Unassigned
Yakkety	Fix Committed	High	Unassigned
linux-snapdragon (Ubuntu)	Invalid	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	New	Undecided	Unassigned
Wily	Invalid	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned
linux-ti-omap4 (Ubuntu)	Invalid	High	Unassigned
Precise	Invalid	High	Unassigned
Trusty	Invalid	High	Unassigned
Vivid	Invalid	High	Unassigned
Wily	Invalid	High	Unassigned
Xenial	Invalid	High	Unassigned
Yakkety	Invalid	High	Unassigned

Bug Description

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Break-Fix: 3a50597de8635cd05133bd12c95681c82fe7b878 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2

See original description

Tags:

Related branches

lp://staging/ubuntu/trusty-security/linux-lts-vivid

lp://staging/ubuntu/trusty-proposed/linux-lts-vivid

lp://staging/ubuntu/trusty-security/linux-lts-wily

lp://staging/ubuntu/trusty-proposed/linux-lts-wily

CVE References

2016-0728

Steve Beattie (sbeattie) on 2016-01-16

Changed in linux-lts-trusty (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-trusty (Ubuntu Xenial):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-trusty (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-trusty (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-wily (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-wily (Ubuntu Xenial):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-wily (Ubuntu Trusty):
importance:	Undecided → High
Changed in linux-lts-wily (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-quantal (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-quantal (Ubuntu Xenial):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-quantal (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-quantal (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → High
Changed in linux (Ubuntu Wily):
importance:	Undecided → High
Changed in linux (Ubuntu Xenial):
importance:	Undecided → High
Changed in linux (Ubuntu Trusty):
importance:	Undecided → High
Changed in linux (Ubuntu Vivid):
importance:	Undecided → High
Changed in linux-ti-omap4 (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-ti-omap4 (Ubuntu Xenial):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-ti-omap4 (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-ti-omap4 (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-raring (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-raring (Ubuntu Xenial):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-raring (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-raring (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-armadaxp (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-armadaxp (Ubuntu Xenial):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-armadaxp (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-armadaxp (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-saucy (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-saucy (Ubuntu Xenial):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-saucy (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-saucy (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-manta (Ubuntu Wily):
importance:	Undecided → High
Changed in linux-manta (Ubuntu Xenial):
importance:	Undecided → High
Changed in linux-manta (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-manta (Ubuntu Vivid):
importance:	Undecided → High
Changed in linux-lts-vivid (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-vivid (Ubuntu Xenial):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-vivid (Ubuntu Trusty):
importance:	Undecided → High
Changed in linux-lts-vivid (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-raspi2 (Ubuntu Wily):
importance:	Undecided → High
Changed in linux-raspi2 (Ubuntu Xenial):
importance:	Undecided → High
Changed in linux-raspi2 (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-raspi2 (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-mako (Ubuntu Wily):
importance:	Undecided → High
Changed in linux-mako (Ubuntu Xenial):
importance:	Undecided → High
Changed in linux-mako (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-mako (Ubuntu Vivid):
importance:	Undecided → High
Changed in linux-lts-utopic (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-utopic (Ubuntu Xenial):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-utopic (Ubuntu Trusty):
importance:	Undecided → High
Changed in linux-lts-utopic (Ubuntu Vivid):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-goldfish (Ubuntu Wily):
importance:	Undecided → High
Changed in linux-goldfish (Ubuntu Xenial):
importance:	Undecided → High
Changed in linux-goldfish (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-goldfish (Ubuntu Vivid):
importance:	Undecided → High
Changed in linux-flo (Ubuntu Wily):
importance:	Undecided → High
Changed in linux-flo (Ubuntu Xenial):
importance:	Undecided → High
Changed in linux-flo (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-flo (Ubuntu Vivid):
importance:	Undecided → High
description:	updated

Steve Beattie (sbeattie) on 2016-01-16

Changed in linux-lts-trusty (Ubuntu Precise):
importance:	Undecided → High
Changed in linux-lts-wily (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-quantal (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-ti-omap4 (Ubuntu Precise):
importance:	Undecided → High
Changed in linux-lts-raring (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-armadaxp (Ubuntu Precise):
importance:	Undecided → High
Changed in linux-lts-saucy (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-manta (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-vivid (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-raspi2 (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-mako (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-utopic (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-goldfish (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-flo (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
description:	updated
summary:	- placeholder + CVE-2016-0728

Steve Beattie (sbeattie) on 2016-01-19

information type:

Private Security → Public Security

Revision history for this message

Brad Figg (brad-figg) wrote on 2016-01-19: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1534887

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete
Changed in linux (Ubuntu Trusty):
status:	New → Incomplete
Changed in linux (Ubuntu Vivid):
status:	New → Incomplete
Changed in linux (Ubuntu Wily):
status:	New → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-01-19:

This bug was fixed in the package linux - 4.2.0-25.30

---------------
linux (4.2.0-25.30) wily; urgency=low

[ Upstream Kernel Changes ]

  * KEYS: Fix keyring ref leak in join_session_keyring()
    - LP: #1534887
    - CVE-2016-0728

-- Luis Henriques <email address hidden> Mon, 18 Jan 2016 10:30:55 +0000

Changed in linux (Ubuntu Wily):
status:	Incomplete → Fix Released
status:	Incomplete → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-01-19:

This bug was fixed in the package linux - 3.19.0-47.53

---------------
linux (3.19.0-47.53) vivid; urgency=low

[ Upstream Kernel Changes ]

  * KEYS: Fix keyring ref leak in join_session_keyring()
    - LP: #1534887
    - CVE-2016-0728

-- Luis Henriques <email address hidden> Mon, 18 Jan 2016 10:22:21 +0000

Changed in linux (Ubuntu Vivid):
status:	Incomplete → Fix Released
status:	Incomplete → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-01-19:

This bug was fixed in the package linux - 3.13.0-76.120

---------------
linux (3.13.0-76.120) trusty; urgency=low

[ Upstream Kernel Changes ]

  * KEYS: Fix keyring ref leak in join_session_keyring()
    - LP: #1534887
    - CVE-2016-0728

-- Luis Henriques <email address hidden> Mon, 18 Jan 2016 09:54:03 +0000

Changed in linux (Ubuntu Trusty):
status:	Incomplete → Fix Released
status:	Incomplete → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-01-19:

This bug was fixed in the package linux-lts-wily - 4.2.0-25.30~14.04.1

---------------
linux-lts-wily (4.2.0-25.30~14.04.1) trusty; urgency=low

[ Upstream Kernel Changes ]

  * KEYS: Fix keyring ref leak in join_session_keyring()
    - LP: #1534887
    - CVE-2016-0728

-- Luis Henriques <email address hidden> Mon, 18 Jan 2016 13:30:42 +0000

Changed in linux-lts-wily (Ubuntu Trusty):
status:	New → Fix Released
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-01-19:

#10

This bug was fixed in the package linux-lts-vivid - 3.19.0-47.53~14.04.1

---------------
linux-lts-vivid (3.19.0-47.53~14.04.1) trusty; urgency=low

[ Upstream Kernel Changes ]

  * KEYS: Fix keyring ref leak in join_session_keyring()
    - LP: #1534887
    - CVE-2016-0728

-- Luis Henriques <email address hidden> Mon, 18 Jan 2016 11:42:07 +0000

Changed in linux-lts-vivid (Ubuntu Trusty):
status:	New → Fix Released
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-01-19:

#12

This bug was fixed in the package linux-lts-utopic - 3.16.0-59.79~14.04.1

---------------
linux-lts-utopic (3.16.0-59.79~14.04.1) trusty; urgency=low

[ Upstream Kernel Changes ]

  * KEYS: Fix keyring ref leak in join_session_keyring()
    - LP: #1534887
    - CVE-2016-0728

-- Luis Henriques <email address hidden> Mon, 18 Jan 2016 11:00:18 +0000

Changed in linux-lts-utopic (Ubuntu Trusty):
status:	New → Fix Released
status:	New → Fix Released
Changed in linux-raspi2 (Ubuntu Wily):
status:	New → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-01-19:

#14

This bug was fixed in the package linux-raspi2 - 4.2.0-1020.27

---------------
linux-raspi2 (4.2.0-1020.27) wily; urgency=low

[ Luis Henriques ]

* rebased on Ubuntu-4.2.0-25.30

[ Ubuntu: 4.2.0-25.30 ]

  * KEYS: Fix keyring ref leak in join_session_keyring()
    - LP: #1534887
    - CVE-2016-0728

-- Luis Henriques <email address hidden> Mon, 18 Jan 2016 14:05:07 +0000

Changed in linux-raspi2 (Ubuntu Wily):
status:	New → Fix Released

Adam Conrad (adconrad) on 2016-01-19

Changed in linux-armadaxp (Ubuntu Precise):
status:	New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status:	New → Invalid

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-01-19:

#16

This bug was fixed in the package linux-lts-trusty - 3.13.0-76.120~precise1

---------------
linux-lts-trusty (3.13.0-76.120~precise1) precise; urgency=low

[ Upstream Kernel Changes ]

  * KEYS: Fix keyring ref leak in join_session_keyring()
    - LP: #1534887
    - CVE-2016-0728

-- Luis Henriques <email address hidden> Tue, 19 Jan 2016 10:49:51 +0000

Changed in linux-lts-trusty (Ubuntu Precise):
status:	New → Fix Released
status:	New → Fix Released

Revision history for this message

Timothy Pearson (kb9vqf) wrote on 2016-01-20:

#18

When are the kernel 4.4 packages going to be rebuilt with the fix?

Steve Beattie (sbeattie) on 2016-01-20

tags:

added: kernel-cve-tracking-bug

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-01-21:

#19

This bug was fixed in the package linux - 4.3.0-7.18

---------------
linux (4.3.0-7.18) xenial; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
- LP: #1535736

[ Andy Whitcroft ]

* [Config] s390x -- the kernel provides ppp-modules such as there are

[ Upstream Kernel Changes ]

  * KEYS: Fix keyring ref leak in join_session_keyring()
    - LP: #1534887
    - CVE-2016-0728

-- Tim Gardner <email address hidden> Mon, 11 Jan 2016 18:49:51 -0700

Changed in linux (Ubuntu Xenial):
status:	Incomplete → Fix Released

Steve Beattie (sbeattie) on 2016-01-22

description:

updated

Steve Beattie (sbeattie) on 2016-01-25

Changed in linux-manta (Ubuntu Vivid):
status:	New → Invalid
Changed in linux-raspi2 (Ubuntu Xenial):
status:	New → Invalid
Changed in linux-mako (Ubuntu Vivid):
status:	New → Invalid
Changed in linux-goldfish (Ubuntu Vivid):
status:	New → Invalid
Changed in linux-flo (Ubuntu Vivid):
status:	New → Invalid
description:	updated

Steve Beattie (sbeattie) on 2016-02-10

Changed in linux-raspi2 (Ubuntu Xenial):
status:	Invalid → Fix Committed
description:	updated

Steve Beattie (sbeattie) on 2016-02-11

Changed in linux-lts-xenial (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-xenial (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-xenial (Ubuntu Xenial):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-lts-xenial (Ubuntu Trusty):
status:	New → Fix Committed
importance:	Undecided → High

Steve Beattie (sbeattie) on 2016-04-19

Changed in linux-manta (Ubuntu Xenial):
status:	New → Invalid

Steve Beattie (sbeattie) on 2016-05-06

Changed in linux-snapdragon (Ubuntu Precise):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-snapdragon (Ubuntu Wily):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-snapdragon (Ubuntu Xenial):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-snapdragon (Ubuntu Yakkety):
status:	New → Invalid
importance:	Undecided → High
Changed in linux-snapdragon (Ubuntu Trusty):
status:	New → Invalid
importance:	Undecided → High

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux-raspi2 package

CVE-2016-0728

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux-raspi2 package