CVE-2016-6130

Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.

From the Ubuntu Security Team

Pengfei Wang discovered a race condition in the s390 SCLP console driver for the Linux kernel when handling ioctl()s. A local attacker could use this to obtain sensitive information from kernel memory.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	16.10 yakkety	Not affected
	16.04 LTS xenial	Fixed 4.4.0-42.62
	15.10 wily	Not affected
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Not affected
linux-armadaxp	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not affected
linux-aws	16.10 yakkety	Not in release
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Not in release
linux-flo	16.10 yakkety	Not affected
	16.04 LTS xenial	Not affected
	15.10 wily	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-gke	16.10 yakkety	Not in release
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-goldfish	16.10 yakkety	Not affected
	16.04 LTS xenial	Not affected
	15.10 wily	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-grouper	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-hwe	16.10 yakkety	Not in release
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-hwe-edge	16.10 yakkety	Not in release
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-linaro-omap	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Ignored end of life
linux-linaro-shared	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Ignored end of life
linux-linaro-vexpress	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Ignored end of life
linux-lts-quantal	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Ignored end of life
linux-lts-raring	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Ignored end of life
linux-lts-saucy	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Ignored end of life
linux-lts-trusty	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not affected
linux-lts-utopic	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-lts-vivid	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-lts-wily	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-lts-xenial	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Not in release
linux-maguro	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-mako	16.10 yakkety	Not affected
	16.04 LTS xenial	Not affected
	15.10 wily	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-manta	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-qcm-msm	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Ignored end of life
linux-raspi2	16.10 yakkety	Not affected
	16.04 LTS xenial	Not affected
	15.10 wily	Not affected
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-snapdragon	16.10 yakkety	Not affected
	16.04 LTS xenial	Not affected
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
linux-ti-omap4	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not affected

Notes

jdstrand

android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support

sbeattie

s390 only

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Introduced by d475f94, fixed by 532c34b

Severity score breakdown

Parameter	Value
Base score	4.7 · Medium
Attack vector	Local
Attack complexity	High
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References

Related Ubuntu Security Notices (USN)

USN-3099-1
Linux kernel vulnerabilities
11 October 2016

Cvss 3 Severity Score