| Revision Date: | 2015-05-27 | Version: | 1 | | Title: | CVE-2015-2666 on Ubuntu 12.04 LTS (precise) - medium. | | Description: | Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd. A stack overflow was discovered in the the microcode loader for the intel x86 platform. A local attacker could exploit this flaw to cause a denial of service (kernel crash) or to potentially execute code with kernel privileges.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2015-2666
| | Platform(s): | Ubuntu 12.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 12.04 LTS (precise) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in precise is not affected.
OR NOT While related to the CVE in some way, the 'linux-armadaxp' package in precise is not affected.
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-lts-quantal' package in precise is not affected.
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needs-triage now end-of-life').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was pending [3.11.0-34.55~precise1] OEM release').
OR The 'linux-lts-trusty' package in precise was vulnerable but has been fixed (note: '3.13.0-51.84~precise1').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-ti-omap4' package in precise is not affected.
|
|