Launchpad.net

CVE 2016-3157

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.

Related bugs and status

CVE-2016-3157 (Candidate) is related to these bugs:

Bug #1561388: CVE-2016-3157

		In	Importance	Status
1561388	CVE-2016-3157	linux (Ubuntu)	Medium	Fix Released
1561388	CVE-2016-3157	linux-ti-omap4 (Ubuntu)	Medium	Invalid
1561388	CVE-2016-3157	linux-raspi2 (Ubuntu)	Medium	New
1561388	CVE-2016-3157	linux (Ubuntu Xenial)	Medium	Fix Released
1561388	CVE-2016-3157	linux-raspi2 (Ubuntu Xenial)	Medium	Fix Released
1561388	CVE-2016-3157	linux-ti-omap4 (Ubuntu Xenial)	Medium	Invalid
1561388	CVE-2016-3157	linux (Ubuntu Wily)	Medium	Fix Released
1561388	CVE-2016-3157	linux-raspi2 (Ubuntu Wily)	Medium	Fix Released
1561388	CVE-2016-3157	linux-ti-omap4 (Ubuntu Wily)	Medium	Invalid
1561388	CVE-2016-3157	linux (Ubuntu Vivid)	Undecided	Won't Fix
1561388	CVE-2016-3157	linux-raspi2 (Ubuntu Vivid)	Undecided	Won't Fix
1561388	CVE-2016-3157	linux-ti-omap4 (Ubuntu Vivid)	Undecided	Won't Fix
1561388	CVE-2016-3157	linux (Ubuntu Trusty)	Medium	Fix Released
1561388	CVE-2016-3157	linux-raspi2 (Ubuntu Trusty)	Medium	Invalid
1561388	CVE-2016-3157	linux-ti-omap4 (Ubuntu Trusty)	Medium	Invalid
1561388	CVE-2016-3157	linux (Ubuntu Precise)	Medium	Fix Released
1561388	CVE-2016-3157	linux-raspi2 (Ubuntu Precise)	Medium	Invalid
1561388	CVE-2016-3157	linux-ti-omap4 (Ubuntu Precise)	Medium	Fix Released
1561388	CVE-2016-3157	linux-lts-trusty (Ubuntu)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-trusty (Ubuntu Precise)	Medium	Fix Released
1561388	CVE-2016-3157	linux-lts-trusty (Ubuntu Trusty)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-trusty (Ubuntu Vivid)	Undecided	Won't Fix
1561388	CVE-2016-3157	linux-lts-trusty (Ubuntu Wily)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-trusty (Ubuntu Xenial)	Medium	Invalid
1561388	CVE-2016-3157	linux-armadaxp (Ubuntu)	Medium	Invalid
1561388	CVE-2016-3157	linux-armadaxp (Ubuntu Precise)	Medium	Fix Released
1561388	CVE-2016-3157	linux-armadaxp (Ubuntu Trusty)	Medium	Invalid
1561388	CVE-2016-3157	linux-armadaxp (Ubuntu Vivid)	Undecided	Won't Fix
1561388	CVE-2016-3157	linux-armadaxp (Ubuntu Wily)	Medium	Invalid
1561388	CVE-2016-3157	linux-armadaxp (Ubuntu Xenial)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-xenial (Ubuntu)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-xenial (Ubuntu Precise)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-xenial (Ubuntu Trusty)	Medium	Fix Released
1561388	CVE-2016-3157	linux-lts-xenial (Ubuntu Vivid)	Undecided	New
1561388	CVE-2016-3157	linux-lts-xenial (Ubuntu Wily)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-xenial (Ubuntu Xenial)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-wily (Ubuntu)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-wily (Ubuntu Precise)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-wily (Ubuntu Trusty)	Medium	Fix Released
1561388	CVE-2016-3157	linux-lts-wily (Ubuntu Vivid)	Undecided	New
1561388	CVE-2016-3157	linux-lts-wily (Ubuntu Wily)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-wily (Ubuntu Xenial)	Medium	Invalid
1561388	CVE-2016-3157	linux-goldfish (Ubuntu)	Medium	New
1561388	CVE-2016-3157	linux-goldfish (Ubuntu Precise)	Medium	Invalid
1561388	CVE-2016-3157	linux-goldfish (Ubuntu Trusty)	Medium	Invalid
1561388	CVE-2016-3157	linux-goldfish (Ubuntu Vivid)	Undecided	New
1561388	CVE-2016-3157	linux-goldfish (Ubuntu Wily)	Medium	New
1561388	CVE-2016-3157	linux-goldfish (Ubuntu Xenial)	Medium	New
1561388	CVE-2016-3157	linux-lts-saucy (Ubuntu)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-saucy (Ubuntu Precise)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-saucy (Ubuntu Trusty)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-saucy (Ubuntu Vivid)	Undecided	Won't Fix
1561388	CVE-2016-3157	linux-lts-saucy (Ubuntu Wily)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-saucy (Ubuntu Xenial)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-quantal (Ubuntu)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-quantal (Ubuntu Precise)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-quantal (Ubuntu Trusty)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-quantal (Ubuntu Vivid)	Undecided	Won't Fix
1561388	CVE-2016-3157	linux-lts-quantal (Ubuntu Wily)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-quantal (Ubuntu Xenial)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-vivid (Ubuntu)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-vivid (Ubuntu Precise)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-vivid (Ubuntu Trusty)	Medium	Fix Released
1561388	CVE-2016-3157	linux-lts-vivid (Ubuntu Vivid)	Undecided	Won't Fix
1561388	CVE-2016-3157	linux-lts-vivid (Ubuntu Wily)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-vivid (Ubuntu Xenial)	Medium	Invalid
1561388	CVE-2016-3157	linux-mako (Ubuntu)	Medium	New
1561388	CVE-2016-3157	linux-mako (Ubuntu Precise)	Medium	Invalid
1561388	CVE-2016-3157	linux-mako (Ubuntu Trusty)	Medium	Invalid
1561388	CVE-2016-3157	linux-mako (Ubuntu Vivid)	Undecided	Won't Fix
1561388	CVE-2016-3157	linux-mako (Ubuntu Wily)	Medium	New
1561388	CVE-2016-3157	linux-mako (Ubuntu Xenial)	Medium	New
1561388	CVE-2016-3157	linux-lts-utopic (Ubuntu)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-utopic (Ubuntu Precise)	Medium	Invalid
1561388	CVE-2016-3157	linux-lts-utopic (Ubuntu Trusty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://xenbits.xen.org...
UBUNTU: USN-2996-1
UBUNTU: USN-2997-1
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-3607
BID: 84594
UBUNTU: USN-2968-1
UBUNTU: USN-2968-2
UBUNTU: USN-2969-1
UBUNTU: USN-2970-1
UBUNTU: USN-2971-1
UBUNTU: USN-2971-2
UBUNTU: USN-2971-3
SECTRACK: 1035308