Hacker News

I don't get it. If this was fixed in March, which systems are compromised by this?

Do I need to worry about a fully upgraded Ubuntu 14.04 with or without the Hardware Enablement Stack?




Due to the way Linux people handle security fixes, a lot of the time the code fix goes in at first, then people decide it's an exploitable vulnerability, and then they have an embargo period without public discussion so everyone[1] can release a security patch at the same time. So hopefully Ubuntu has a kernel update ready to be released and they will send it out just about now.

Unfortunately in this case Ubuntu's CVE tracker just shows "needs-triage" or "does not exist" for CVE-2016-7117.

[1] Well, most Linux systems don't get timely security patches, like most Android phones or most embedded/IoT products, but you get the idea.


For those wondering, Debian is mostly not vulnerable, except for the oldstable/LTS release:

https://security-tracker.debian.org/tracker/CVE-2016-7117



