pending stable kernel security updates

Tim Gardner tcanonical at
Tue Jun 24 14:45:38 UTC 2008

Kees Cook wrote:
> Hello!  I've got more pending kernel updates waiting in the
> ubuntu-security git trees now:
>                   dapper       feisty       gutsy        hardy
> CVE-2007-6282:    pending      pending      pending      pending
> CVE-2008-1615:    needed       needed       needed       needed
> CVE-2008-1673:    pending      pending      pending      pending
> CVE-2008-2136:    pending      pending      pending      pending
> CVE-2008-2137:    pending      pending      pending      pending
> CVE-2008-2148:    N/A          N/A          pending      pending
> CVE-2008-2358:    N/A          pending      pending      pending
> CVE-2008-2750:    N/A          N/A          N/A          pending
> I need help with CVE-2008-1615: the code has changed a lot between
> revisions, has been touched by the virt bits, and is pretty non-obvious
> to me.
> I'd like to publish as soon as possible after 8.04.1 is released.  To
> that end, can someone start build and boot testing?  None of the patches
> looked like ABI bumpers.
> Thanks,
> -Kees

Kees - As far as I can tell CVE-2008-1615 does not apply to
Dapper/Feisty/Gutsy/Hardy. See

The issue was introduced with commit
72fe4858544292ad64600765cb78bc02298c6b1c which was during the 2.6.25
merge window. The key is that the definition of 'iret_label' was
changed, i.e., it lost its alignment statement:

-       .quad iret_label,bad_iret
+       .quad native_iret, bad_iret
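Review bot: the `.quad` exception-table entry now names `native_iret` as the faulting address, but the recovery path quoted below (`leaq iret_label(%rip),%rbp`) still computes its address from `iret_label`; both should reference the same symbol, otherwise the table entry and the address the error path compares against can point at different instructions and the iret fault is no longer matched to its fixup.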

Yet the interrupt return code later on continued to use 'iret_label'
which is now unaligned (a bad thing):

leaq iret_label(%rip),%rbp

You can also read Roland McGrath's somewhat caustic commit log entry in
a57dae3aa4d00a000b5bac4238025438204c78b2 if you are in need of some humor.

Tim Gardner tim.gardner at
