Bug 1012353 - (CVE-2016-9644) VUL-0: CVE-2016-9644: kernel: The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linuxkernel 4.4.22 through 4.4...
(CVE-2016-9644)
VUL-0: CVE-2016-9644: kernel: The __get_user_asm_ex macro in arch/x86/include...
Status: RESOLVED DUPLICATE of bug 1008650
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/176876/
CVSSv2:NVD:CVE-2016-9644:9.3:(AV:N/AC...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-28 10:56 UTC by Alexander Bergmann
Modified: 2018-11-27 13:20 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2016-11-28 10:56:50 UTC
CVE-2016-9644

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux
kernel 4.4.22 through 4.4.28 contains extended asm statements that are
incompatible with the exception table, which allows local users to obtain root
access on non-SMEP platforms via a crafted application.  NOTE: this
vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch
to older kernels.

Above refers to a new issue which affected some Linux stable lines, which backported 1c109fabbd51863475cd12ac206bdd249aee35af without also backporting 548acf19234dbda5a52d5a8e7e205af46e9da840.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9644
http://www.openwall.com/lists/oss-security/2016/11/07/4
http://seclists.org/oss-sec/2016/q4/535
https://lwn.net/Articles/705220/
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=548acf19234dbda5a52d5a8e7e205af46e9da840