** Changed in: linux (Ubuntu Vivid) Status: Fix Released => Invalid
** Changed in: linux (Ubuntu Wily) Status: Fix Released => Invalid ** Changed in: linux-lts-vivid (Ubuntu Trusty) Status: Fix Committed => Invalid ** Changed in: linux-lts-saucy (Ubuntu Precise) Status: Invalid => Won't Fix ** Changed in: linux-lts-raring (Ubuntu Precise) Status: Invalid => Won't Fix ** No longer affects: linux-lts-backport-maverick (Ubuntu) ** No longer affects: linux-lts-backport-maverick (Ubuntu Lucid) ** No longer affects: linux-lts-backport-maverick (Ubuntu Precise) ** No longer affects: linux-lts-backport-maverick (Ubuntu Trusty) ** No longer affects: linux-lts-backport-maverick (Ubuntu Utopic) ** No longer affects: linux-lts-backport-maverick (Ubuntu Vivid) ** No longer affects: linux-lts-backport-maverick (Ubuntu Wily) ** No longer affects: linux-lts-backport-natty (Ubuntu Wily) ** No longer affects: linux-lts-backport-natty (Ubuntu Vivid) ** No longer affects: linux-lts-backport-natty (Ubuntu Utopic) ** No longer affects: linux-lts-backport-natty (Ubuntu Trusty) ** No longer affects: linux-lts-backport-natty (Ubuntu Precise) ** No longer affects: linux-lts-backport-natty (Ubuntu Lucid) ** No longer affects: linux-lts-backport-natty (Ubuntu) ** Description changed: - [execution in the early microcode loader x86/intel] Guard against stack - overflow in the loader mc_saved_tmp is a static array allocated on the - stack, we need to make sure mc_saved_count stays within its bounds, - otherwise we're overflowing the stack in _save_mc(). A specially crafted - microcode header could lead to a kernel crash or potentially kernel - execution. + Stack-based buffer overflow in the get_matching_model_microcode function in + arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 + allows context-dependent attackers to gain privileges by constructing a + crafted microcode header and leveraging root privileges for write access to + the initrd. Break-Fix: ec400ddeff200b068ddc6c70f7321f49ecf32ed5 f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438504 Title: CVE-2015-2666 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1438504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs