| Revision Date: | 2016-06-27 | Version: | 1 | | Title: | CVE-2016-4440 on Ubuntu 14.04 LTS (trusty) - medium. | | Description: | arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. XXX-no-USN-needed-see-NOTE-XXX It was discovered that the Linux kernel mishandles the APICv on/off state, allowing guest OS users direct APIC MSR access on the host OS. A local attacker could use this to cause a denial of service (host OS crash), or possibly execute arbitrary code with administrative privileges in the host OS.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2016-4440
| | Platform(s): | Ubuntu 14.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 14.04 LTS (trusty) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected (note: '4.4.0-1002.2').
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR NOT While related to the CVE in some way, the 'linux-lts-utopic' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'linux-lts-vivid' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'linux-lts-wily' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'linux-lts-xenial' package in trusty is not affected (note: '4.4.0-34.53~14.04.1').
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
|
|