CVE 2015-8709
** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here."
Related bugs and status
CVE-2015-8709 (Candidate) is related to these bugs:
Bug #1527374: CVE-2015-8709
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1527374 | CVE-2015-8709 | linux (Ubuntu) | Medium | Fix Released | ||
| 1527374 | CVE-2015-8709 | linux (Ubuntu Wily) | Medium | Fix Released | ||
| 1527374 | CVE-2015-8709 | linux (Ubuntu Trusty) | Medium | Fix Released | ||
| 1527374 | CVE-2015-8709 | linux (Ubuntu Xenial) | Medium | Fix Released | ||
| 1527374 | CVE-2015-8709 | linux (Ubuntu Vivid) | Medium | Fix Released | ||
| 1527374 | CVE-2015-8709 | linux-lts-vivid (Ubuntu) | Undecided | Fix Released | ||
| 1527374 | CVE-2015-8709 | linux-lts-wily (Ubuntu) | Undecided | Fix Released | ||
| 1527374 | CVE-2015-8709 | linux-lts-utopic (Ubuntu) | Undecided | Fix Released | ||
| 1527374 | CVE-2015-8709 | linux (Ubuntu Precise) | Medium | Invalid | ||
| 1527374 | CVE-2015-8709 | linux-lts-trusty (Ubuntu Precise) | Medium | Fix Released | ||
| 1527374 | CVE-2015-8709 | linux-armadaxp (Ubuntu) | Undecided | Confirmed | ||
| 1527374 | CVE-2015-8709 | linux-goldfish (Ubuntu) | Undecided | Confirmed | ||
| 1527374 | CVE-2015-8709 | linux-lts-saucy (Ubuntu) | Medium | Won't Fix | ||
| 1527374 | CVE-2015-8709 | linux-lts-quantal (Ubuntu) | Medium | Won't Fix | ||
| 1527374 | CVE-2015-8709 | linux-flo (Ubuntu) | Undecided | Confirmed | ||
| 1527374 | CVE-2015-8709 | linux-raspi2 (Ubuntu) | Undecided | Fix Released | ||
| 1527374 | CVE-2015-8709 | linux-mako (Ubuntu) | Undecided | Confirmed | ||
| 1527374 | CVE-2015-8709 | linux-ti-omap4 (Ubuntu) | Undecided | Confirmed | ||
| 1527374 | CVE-2015-8709 | linux-lts-raring (Ubuntu) | Medium | Won't Fix | ||
| 1527374 | CVE-2015-8709 | linux-manta (Ubuntu) | Undecided | Confirmed | ||
| 1527374 | CVE-2015-8709 | linux-lts-xenial (Ubuntu) | Undecided | New | ||
| 1527374 | CVE-2015-8709 | linux-snapdragon (Ubuntu) | Undecided | New | ||
See the 
CVE page on Mitre.org
for more details.
