| Revision Date: | 2014-12-31 | Version: | 1 | | Title: | CVE-2014-8181 on Ubuntu 16.04 LTS (xenial) - low. | | Description: | In sg_io, blk_rq_map_user{,_iov} may allocate a set of bounce buffer pages to do the bio, if it finds the user buffer cannot be directly mapped. But the allocated pages are not cleared. If the bounce buffer is also not written to by device, garbage data is left, and copied back to user in blk_rq_unmap_user. The allocated pages should be cleared. This also eliminates the risk of leaking sensitive information to userspace, which may have a security impact.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2014-8181
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT linux-image-4.4.0-150-generic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-150-generic-lpae package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-150-lowlatency package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-150-powerpc-e500mc package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-150-powerpc-smp package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-150-powerpc64-emb package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-150-powerpc64-smp package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-unsigned-4.4.0-150-generic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-unsigned-4.4.0-150-lowlatency package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-1084-aws package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-3.4.0-5-flo package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-1034-gke package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-extra-4.4.0-1034-gke package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-3.4.0-4-goldfish package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.15.0-51-generic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.15.0-51-generic-lpae package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.15.0-51-lowlatency package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-unsigned-4.15.0-51-generic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-unsigned-4.15.0-51-lowlatency package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-3.4.0-7-mako package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-extra-virtual package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-extra-virtual-lts-utopic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-extra-virtual-lts-vivid package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-extra-virtual-lts-wily package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-extra-virtual-lts-xenial package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic-lpae package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic-lpae-lts-utopic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic-lpae-lts-vivid package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic-lpae-lts-wily package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic-lpae-lts-xenial package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic-lts-utopic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic-lts-vivid package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic-lts-wily package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic-lts-xenial package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-hwe-generic-trusty package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-hwe-virtual-trusty package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-lowlatency package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-lowlatency-lts-utopic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-lowlatency-lts-vivid package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-lowlatency-lts-wily package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-lowlatency-lts-xenial package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc-e500mc package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc-e500mc-lts-utopic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc-e500mc-lts-vivid package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc-e500mc-lts-wily package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc-e500mc-lts-xenial package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc-smp package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc-smp-lts-utopic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc-smp-lts-vivid package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc-smp-lts-wily package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc-smp-lts-xenial package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc64-emb package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc64-emb-lts-utopic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc64-emb-lts-vivid package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc64-emb-lts-wily package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc64-emb-lts-xenial package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc64-smp package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc64-smp-lts-utopic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc64-smp-lts-vivid package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc64-smp-lts-wily package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-powerpc64-smp-lts-xenial package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-virtual package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-virtual-lts-utopic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-virtual-lts-vivid package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-virtual-lts-wily package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-virtual-lts-xenial package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-aws package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-extra-virtual-hwe-16.04 package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic-hwe-16.04 package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-generic-lpae-hwe-16.04 package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-lowlatency-hwe-16.04 package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-oem package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-virtual-hwe-16.04 package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-raspi2 package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-snapdragon package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-1110-raspi2 package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-150-generic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-150-lowlatency package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.15.0-51-generic package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.15.0-51-lowlatency package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
OR NOT linux-image-4.4.0-1114-snapdragon package in xenial, while related to the CVE in some way, is not affected (note: 'RHEL 7 kernel only').
|
|