The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels. Above refers to a new issue which affected some Linux stable lines, which backported 1c109fabbd51863475cd12ac206bdd249aee35af without also backporting 548acf19234dbda5a52d5a8e7e205af46e9da840. References: http://seclists.org/oss-sec/2016/q4/535 https://lwn.net/Articles/705264/ Upstream patches: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=548acf19234dbda5a52d5a8e7e205af46e9da840
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1415125]