Twenty Year Anniversary

Kernel Live Patch Security Notice LSN-0035-1

Kernel Live Patch Security Notice LSN-0035-1
Posted Feb 23, 2018
Authored by Benjamin M. Romer

On February 22, fixes for CVE-2017-5715 were released into the Ubuntu Xenial kernel version 4.4.0-116.140. This CVE, also known as "Spectre," is caused by flaws in the design of speculative execution hardware in the computer's CPU, and could be used to access sensitive information in kernel memory.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2017-5715
MD5 | 95a67778ff266fb5d137537edcd1a426

Kernel Live Patch Security Notice LSN-0035-1

Change Mirror Download
==========================================================================
Kernel Live Patch Security Notice LSN-0035-1
February 22, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series | Base kernel | Arch | flavors |
|------------------+--------------+----------+------------------|
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 16.04 LTS | 4.4.0 | amd64 | lowlatency |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | generic |
| Ubuntu 14.04 LTS | 4.4.0 | amd64 | lowlatency |

Summary:

On February 22, fixes for CVE-2017-5715 were released into the Ubuntu Xenial
kernel version 4.4.0-116.140. This CVE, also known as "Spectre," is caused
by flaws in the design of speculative execution hardware in the computer's
CPU, and could be used to access sensitive information in kernel memory.

The mitigation for "Spectre" is accomplished using retpoline, a new compiler
feature that prevents speculation when an indirect call is made. Unfortunately,
it is not possible to generate a livepatch when a compiler change is required
by a fix, as livepatches must be generated with the same compiler as the
target kernel. Please plan to reboot into kernel version 4.4.0-116.140 or
newer as soon as possible.

Additional details on the vulnerability and our response can be found here:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown

Software Description:
- linux: Linux kernel

Update instructions:

The problem can be corrected by installing an updated kernel with these
fixes and rebooting.

References:
CVE-2017-5715

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close