On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value from the signal frame as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if paniconoops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIGPPCTRANSACTIONAL_MEM=n are not vulnerable.
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "linux-headers-4.15.0-1023-azure": "4.15.0-1023.24~14.04.1", "linux-azure-cloud-tools-4.15.0-1023-dbgsym": "4.15.0-1023.24~14.04.1", "linux-azure-headers-4.15.0-1023": "4.15.0-1023.24~14.04.1", "linux-cloud-tools-4.15.0-1023-azure": "4.15.0-1023.24~14.04.1", "linux-modules-4.15.0-1023-azure": "4.15.0-1023.24~14.04.1", "linux-azure-tools-4.15.0-1023-dbgsym": "4.15.0-1023.24~14.04.1", "linux-modules-extra-4.15.0-1023-azure": "4.15.0-1023.24~14.04.1", "linux-azure-tools-4.15.0-1023": "4.15.0-1023.24~14.04.1", "linux-image-unsigned-4.15.0-1023-azure": "4.15.0-1023.24~14.04.1", "linux-image-unsigned-4.15.0-1023-azure-dbgsym": "4.15.0-1023.24~14.04.1", "linux-tools-4.15.0-1023-azure": "4.15.0-1023.24~14.04.1", "linux-azure-cloud-tools-4.15.0-1023": "4.15.0-1023.24~14.04.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "floppy-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "nfs-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "irda-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-hwe-cloud-tools-4.10.0-37": "4.10.0-37.41~16.04.1", "mouse-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "virtio-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-image-4.10.0-37-lowlatency": "4.10.0-37.41~16.04.1", "linux-hwe-udebs-generic-lpae": "4.10.0-37.41~16.04.1", "block-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "usb-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "nic-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "fs-core-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "ppp-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "ipmi-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-headers-4.10.0-37-generic": "4.10.0-37.41~16.04.1", "input-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "block-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-source-4.10.0": "4.10.0-37.41~16.04.1", "firewire-core-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "fs-core-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "scsi-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-tools-4.10.0-37-generic-lpae": "4.10.0-37.41~16.04.1", "nic-shared-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "fs-secondary-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "nic-usb-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "pcmcia-storage-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "dasd-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "fb-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "ppp-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-image-4.10.0-37-generic": "4.10.0-37.41~16.04.1", "nfs-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "pata-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "parport-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "fs-secondary-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "linux-cloud-tools-4.10.0-37-lowlatency": "4.10.0-37.41~16.04.1", "linux-hwe-udebs-generic": "4.10.0-37.41~16.04.1", "storage-core-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-cloud-tools-4.10.0-37-generic": "4.10.0-37.41~16.04.1", "message-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "md-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "kernel-image-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "sata-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "nic-pcmcia-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "vlan-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "md-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "irda-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "serial-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-image-4.10.0-37-generic-dbgsym": "4.10.0-37.41~16.04.1", "mouse-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "scsi-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "fat-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-headers-4.10.0-37-lowlatency": "4.10.0-37.41~16.04.1", "linux-image-4.10.0-37-generic-lpae": "4.10.0-37.41~16.04.1", "linux-headers-4.10.0-37": "4.10.0-37.41~16.04.1", "plip-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "multipath-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "plip-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "fat-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "crypto-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "linux-image-4.10.0-37-generic-lpae-dbgsym": "4.10.0-37.41~16.04.1", "linux-headers-4.10.0-37-generic-lpae": "4.10.0-37.41~16.04.1", "linux-hwe-cloud-tools-4.10.0-37-dbgsym": "4.10.0-37.41~16.04.1", "linux-tools-4.10.0-37-lowlatency": "4.10.0-37.41~16.04.1", "nic-shared-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "kernel-image-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "usb-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "storage-core-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "linux-hwe-tools-4.10.0-37-dbgsym": "4.10.0-37.41~16.04.1", "ipmi-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "sata-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "crypto-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-image-extra-4.10.0-37-generic": "4.10.0-37.41~16.04.1", "multipath-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "nic-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-hwe-tools-4.10.0-37": "4.10.0-37.41~16.04.1", "pcmcia-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "nic-usb-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "vlan-modules-4.10.0-37-generic-lpae-di": "4.10.0-37.41~16.04.1", "input-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "linux-image-4.10.0-37-lowlatency-dbgsym": "4.10.0-37.41~16.04.1", "linux-tools-4.10.0-37-generic": "4.10.0-37.41~16.04.1", "parport-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1", "dasd-extra-modules-4.10.0-37-generic-di": "4.10.0-37.41~16.04.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "md-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "block-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "pcmcia-storage-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "nic-pcmcia-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "nfs-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "linux-image-4.13.0-1008-oem": "4.13.0-1008.9", "linux-headers-4.13.0-1008-oem": "4.13.0-1008.9", "floppy-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "ipmi-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "irda-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "scsi-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "crypto-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "mouse-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "plip-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "linux-image-4.13.0-1008-oem-dbgsym": "4.13.0-1008.9", "parport-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "linux-oem-tools-4.13.0-1008-dbgsym": "4.13.0-1008.9", "sata-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "firewire-core-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "serial-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "fs-core-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "pata-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "storage-core-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "ppp-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "multipath-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "input-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "fat-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "nic-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "linux-oem-tools-4.13.0-1008": "4.13.0-1008.9", "nic-shared-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "fb-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "linux-tools-4.13.0-1008-oem": "4.13.0-1008.9", "vlan-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "linux-udebs-oem": "4.13.0-1008.9", "nic-usb-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "virtio-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "message-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "pcmcia-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "linux-oem-headers-4.13.0-1008": "4.13.0-1008.9", "usb-modules-4.13.0-1008-oem-di": "4.13.0-1008.9", "kernel-image-4.13.0-1008-oem-di": "4.13.0-1008.9", "fs-secondary-modules-4.13.0-1008-oem-di": "4.13.0-1008.9" } ] }