The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "usb-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "message-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "vlan-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "irda-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "parport-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "fs-secondary-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "kernel-image-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "crypto-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "linux-hwe-udebs-generic-lpae": "4.8.0-36.36~16.04.1", "linux-image-extra-4.8.0-36-generic": "4.8.0-36.36~16.04.1", "dasd-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "firewire-core-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "linux-headers-4.8.0-36-generic": "4.8.0-36.36~16.04.1", "linux-tools-4.8.0-36-generic-lpae": "4.8.0-36.36~16.04.1", "linux-tools-4.8.0-36-lowlatency": "4.8.0-36.36~16.04.1", "nfs-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "floppy-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "nic-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "linux-image-4.8.0-36-lowlatency": "4.8.0-36.36~16.04.1", "linux-headers-4.8.0-36": "4.8.0-36.36~16.04.1", "linux-headers-4.8.0-36-generic-lpae": "4.8.0-36.36~16.04.1", "sata-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "linux-cloud-tools-4.8.0-36-generic": "4.8.0-36.36~16.04.1", "scsi-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "nic-pcmcia-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "storage-core-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "linux-image-4.8.0-36-generic": "4.8.0-36.36~16.04.1", "fs-core-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "mouse-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "pata-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "linux-headers-4.8.0-36-lowlatency": "4.8.0-36.36~16.04.1", "fat-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "vlan-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "serial-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "dasd-extra-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "linux-hwe-tools-4.8.0-36": "4.8.0-36.36~16.04.1", "linux-hwe-udebs-generic": "4.8.0-36.36~16.04.1", "ipmi-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "block-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "linux-hwe-cloud-tools-4.8.0-36-dbgsym": "4.8.0-36.36~16.04.1", "linux-hwe-tools-4.8.0-36-dbgsym": "4.8.0-36.36~16.04.1", "linux-image-4.8.0-36-generic-dbgsym": "4.8.0-36.36~16.04.1", "nic-usb-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "nic-usb-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "linux-source-4.8.0": "4.8.0-36.36~16.04.1", "linux-image-4.8.0-36-lowlatency-dbgsym": "4.8.0-36.36~16.04.1", "parport-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "nic-shared-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "plip-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "kernel-image-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "virtio-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "nic-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "usb-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "mouse-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "storage-core-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "multipath-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "nfs-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "linux-tools-4.8.0-36-generic": "4.8.0-36.36~16.04.1", "md-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "irda-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "nic-shared-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "multipath-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "fs-core-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "pcmcia-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "scsi-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "plip-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "ppp-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "block-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "linux-hwe-cloud-tools-4.8.0-36": "4.8.0-36.36~16.04.1", "fs-secondary-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "linux-image-4.8.0-36-generic-lpae-dbgsym": "4.8.0-36.36~16.04.1", "fb-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "sata-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "input-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "md-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "crypto-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "ipmi-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "ppp-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "pcmcia-storage-modules-4.8.0-36-generic-di": "4.8.0-36.36~16.04.1", "fat-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "input-modules-4.8.0-36-generic-lpae-di": "4.8.0-36.36~16.04.1", "linux-cloud-tools-4.8.0-36-lowlatency": "4.8.0-36.36~16.04.1", "linux-image-4.8.0-36-generic-lpae": "4.8.0-36.36~16.04.1" } ] }