CVE-2015-8104

Published: 16 November 2015

The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

From the Ubuntu security team

Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.3.0-1.10)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.13.0-73.116)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by cbdb967af3d54993f5814f1cee0ed311a055377d
linux-armadaxp
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-aws
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1001.10)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-1002.2)
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(x86 only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-gke
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1003.3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Ignored
(abandoned)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-grouper
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-hwe
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.8.0-36.36~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-omap
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-raring
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [3.16.0-56.75~14.04.1])
linux-lts-vivid
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [3.19.0-41.46~14.04.2])
linux-lts-wily
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [4.2.0-21.25~14.04.1])
linux-lts-xenial
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.4.0-13.29~14.04.1)
linux-maguro
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-mako
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(x86 only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-manta
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-qcm-msm
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(x86 only)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(x86 only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(4.4.0-1012.12)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (4.4~rc1)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

virtualbox
Launchpad, Ubuntu, Debian
Upstream
Released (5.0.14-dfsg-1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(5.0.14-dfsg-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1])
xen
Launchpad, Ubuntu, Debian
Upstream
Released
Ubuntu 16.04 LTS (Xenial Xerus)
Released (4.5.1-0ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [4.4.2-0ubuntu0.14.04.3])
Binaries built from this source package are in Universe and so are supported by the community.