CVE-2016-2117
Published: 02 May 2016
The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.
From the Ubuntu security team
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory.
Priority
High
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
Patches: Introduced by ec5f061564238892005257c83565a0b58ec79295 Fixed by f43bfaeddc79effbf3d0fcb53ca477cca66f3db8 |
||
|
linux-armadaxp Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-lts-raring Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
| This package is not directly supported by the Ubuntu Security Team | ||
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.6~rc5)
|
Notes
| Author | Note |
|---|---|
| tyhicks | The atl2 ethernet driver is the only driver that discloses memory to ethernet in the default configuration |
| jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2117
- http://www.openwall.com/lists/oss-security/2016/03/16/7
- https://ubuntu.com/security/notices/USN-2989-1
- https://ubuntu.com/security/notices/USN-2998-1
- https://ubuntu.com/security/notices/USN-3000-1
- https://ubuntu.com/security/notices/USN-3001-1
- https://ubuntu.com/security/notices/USN-3002-1
- https://ubuntu.com/security/notices/USN-3003-1
- https://ubuntu.com/security/notices/USN-3004-1
- https://ubuntu.com/security/notices/USN-3005-1
- https://ubuntu.com/security/notices/USN-3006-1
- https://ubuntu.com/security/notices/USN-3007-1
- NVD
- Launchpad
- Debian