CVE 2017-1000255
On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_
Related bugs and status
CVE-2017-1000255 (Candidate) is related to these bugs:
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1678477 | Kernel has troule recognizing Corsair Strafe RGB keyboard | linux (Ubuntu) | Medium | Fix Released | ||
1678477 | Kernel has troule recognizing Corsair Strafe RGB keyboard | linux (Ubuntu Zesty) | Undecided | Fix Released | ||
1678477 | Kernel has troule recognizing Corsair Strafe RGB keyboard | linux (Ubuntu Xenial) | Undecided | Fix Released |
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1709179 | Drop GPL from of_node_to_nid() export to match other arches | linux (Ubuntu) | High | Fix Released | ||
1709179 | Drop GPL from of_node_to_nid() export to match other arches | The Ubuntu-power-systems project | High | Fix Released | ||
1709179 | Drop GPL from of_node_to_nid() export to match other arches | linux (Ubuntu Zesty) | High | Fix Released |
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1711251 | vhost guest network randomly drops under stress (kvm) | linux (Ubuntu) | High | Fix Released | ||
1711251 | vhost guest network randomly drops under stress (kvm) | The Ubuntu-power-systems project | High | Fix Released | ||
1711251 | vhost guest network randomly drops under stress (kvm) | linux (Ubuntu Zesty) | High | Fix Released |
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1713821 | arm64 arch_timer fixes | linux (Ubuntu) | Undecided | Fix Released | ||
1713821 | arm64 arch_timer fixes | linux (Ubuntu Zesty) | Undecided | Fix Released |
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1713884 | [CIFS] Fix maximum SMB2 header size | linux (Ubuntu) | Medium | Fix Released | ||
1713884 | [CIFS] Fix maximum SMB2 header size | linux (Ubuntu Artful) | Medium | Won't Fix | ||
1713884 | [CIFS] Fix maximum SMB2 header size | linux (Ubuntu Xenial) | Medium | Fix Released | ||
1713884 | [CIFS] Fix maximum SMB2 header size | linux (Ubuntu Zesty) | Medium | Fix Released | ||
1713884 | [CIFS] Fix maximum SMB2 header size | linux (Ubuntu Vivid) | Medium | Won't Fix |
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1715073 | SRIOV: warning if unload VFs | linux (Ubuntu) | High | Fix Released | ||
1715073 | SRIOV: warning if unload VFs | The Ubuntu-power-systems project | High | Fix Released | ||
1715073 | SRIOV: warning if unload VFs | linux (Ubuntu Artful) | High | Fix Released | ||
1715073 | SRIOV: warning if unload VFs | linux (Ubuntu Zesty) | High | Fix Released |
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1715271 | Middle button of trackpoint doesn't work | linux (Ubuntu) | Critical | Fix Released | ||
1715271 | Middle button of trackpoint doesn't work | HWE Next | Critical | Fix Released | ||
1715271 | Middle button of trackpoint doesn't work | linux (Ubuntu Artful) | Critical | Won't Fix | ||
1715271 | Middle button of trackpoint doesn't work | linux (Ubuntu Xenial) | Critical | Fix Released | ||
1715271 | Middle button of trackpoint doesn't work | linux (Ubuntu Zesty) | Critical | Fix Released |
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1715812 | Neighbour confirmation broken, breaks ARP cache aging | linux (Ubuntu) | Undecided | Fix Released | ||
1715812 | Neighbour confirmation broken, breaks ARP cache aging | linux (Ubuntu Xenial) | Undecided | Fix Released | ||
1715812 | Neighbour confirmation broken, breaks ARP cache aging | linux (Ubuntu Zesty) | Undecided | Fix Released |
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1718143 | linux: 4.10.0-36.40 -proposed tracker | linux (Ubuntu) | Undecided | Invalid | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | linux (Ubuntu Zesty) | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow automated-testing | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow certification-testing | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow prepare-package | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow prepare-package-meta | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow prepare-package-signed | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow promote-to-proposed | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow promote-to-security | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow promote-to-updates | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow regression-testing | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow security-signoff | Medium | Fix Released | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow upload-to-ppa | Medium | Invalid | ||
1718143 | linux: 4.10.0-36.40 -proposed tracker | Kernel SRU Workflow verification-testing | Medium | Fix Released |
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1721842 | CVE-2017-1000255 | linux (Ubuntu) | Undecided | Confirmed | ||
1721842 | CVE-2017-1000255 | linux (Ubuntu Artful) | Undecided | Won't Fix | ||
1721842 | CVE-2017-1000255 | linux (Ubuntu Zesty) | Undecided | Fix Released | ||
1721842 | CVE-2017-1000255 | linux-hwe (Ubuntu) | Undecided | Invalid | ||
1721842 | CVE-2017-1000255 | linux-hwe (Ubuntu Artful) | Undecided | Invalid | ||
1721842 | CVE-2017-1000255 | linux-hwe (Ubuntu Zesty) | Undecided | Invalid | ||
1721842 | CVE-2017-1000255 | linux (Ubuntu Xenial) | Undecided | Invalid | ||
1721842 | CVE-2017-1000255 | linux-hwe (Ubuntu Xenial) | Undecided | Fix Released |
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | linux-gcp (Ubuntu) | Undecided | Invalid | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow | Medium | Fix Released | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow automated-testing | Medium | Fix Released | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow certification-testing | Medium | Invalid | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow prepare-package | Medium | Fix Released | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow prepare-package-meta | Medium | Fix Released | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow promote-to-proposed | Medium | Fix Released | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow promote-to-security | Medium | Fix Released | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow promote-to-updates | Medium | Fix Released | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow regression-testing | Medium | Fix Released | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow security-signoff | Medium | Fix Released | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow snap-release-to-beta | Medium | Confirmed | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow snap-release-to-candidate | Medium | New | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow snap-release-to-edge | Medium | Confirmed | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow snap-release-to-stable | Medium | Invalid | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow upload-to-ppa | Medium | Invalid | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | Kernel SRU Workflow verification-testing | Medium | Fix Released | ||
1722333 | linux-gcp: 4.10.0-1008.8 -proposed tracker | linux-gcp (Ubuntu Xenial) | Undecided | Fix Released |
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | linux-raspi2 (Ubuntu) | Undecided | Invalid | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow | Medium | Fix Released | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow automated-testing | Medium | Fix Released | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow certification-testing | Medium | Fix Released | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow prepare-package | Medium | Fix Released | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow prepare-package-meta | Medium | Fix Released | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow promote-to-proposed | Medium | Fix Released | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow promote-to-security | Medium | Fix Released | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow promote-to-updates | Medium | Fix Released | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow regression-testing | Medium | Invalid | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow security-signoff | Medium | Fix Released | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow upload-to-ppa | Medium | Invalid | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | Kernel SRU Workflow verification-testing | Medium | Fix Released | ||
1722334 | linux-raspi2: 4.10.0-1020.23 -proposed tracker | linux-raspi2 (Ubuntu Zesty) | Undecided | Fix Released |