CVE-2015-8104
Published: 16 November 2015
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
From the Ubuntu security team
Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.3.0-1.10)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(3.13.0-73.116)
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by cbdb967af3d54993f5814f1cee0ed311a055377d |
||
linux-armadaxp Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1001.10)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-1002.2)
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(x86 only)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1003.3)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-lts-raring Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [3.16.0-56.75~14.04.1])
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [3.19.0-41.46~14.04.2])
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [4.2.0-21.25~14.04.1])
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(x86 only)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was ignored)
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
(x86 only)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(x86 only)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(4.4.0-1012.12)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.4~rc1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
virtualbox Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.0.14-dfsg-1)
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Not vulnerable
(5.0.14-dfsg-1)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1])
|
|
xen Launchpad, Ubuntu, Debian |
Upstream |
Released
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.5.1-0ubuntu2)
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was released [4.4.2-0ubuntu0.14.04.3])
|
|
Binaries built from this source package are in Universe and so are supported by the community. |
Notes
Author | Note |
---|---|
sbeattie | for linux kernel, only affects AMD processors (svm) |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104
- http://xenbits.xen.org/xsa/advisory-156.html
- https://usn.ubuntu.com/usn/usn-2841-2
- https://usn.ubuntu.com/usn/usn-2841-1
- https://usn.ubuntu.com/usn/usn-2843-1
- https://usn.ubuntu.com/usn/usn-2842-1
- https://usn.ubuntu.com/usn/usn-2842-2
- https://usn.ubuntu.com/usn/usn-2844-1
- https://usn.ubuntu.com/usn/usn-2840-1
- https://usn.ubuntu.com/usn/usn-2843-2
- NVD
- Launchpad
- Debian