Ubuntu Security Notice 5319-1 - Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information.
bbd8d53f0e0d635954f690413934b79282175a2d88047ff74d8856d695a34df1==========================================================================
Ubuntu Security Notice USN-5319-1
March 09, 2022
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15,
linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm,
ilinux-lts-xenial, linux-oracle, linux-raspi2, linux-snapdragon
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-dell300x: Linux kernel for Dell 300x platforms
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano
Giuffrida discovered that hardware mitigations added by Intel to their
processors to address Spectre-BTI were insufficient. A local attacker could
potentially use this to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1037-dell300x 4.15.0-1037.42
linux-image-4.15.0-1089-oracle 4.15.0-1089.98
linux-image-4.15.0-1105-raspi2 4.15.0-1105.112
linux-image-4.15.0-1109-kvm 4.15.0-1109.112
linux-image-4.15.0-1118-gcp 4.15.0-1118.132
linux-image-4.15.0-1122-snapdragon 4.15.0-1122.131
linux-image-4.15.0-1123-aws 4.15.0-1123.132
linux-image-4.15.0-1133-azure 4.15.0-1133.146
linux-image-4.15.0-171-generic 4.15.0-171.180
linux-image-4.15.0-171-generic-lpae 4.15.0-171.180
linux-image-4.15.0-171-lowlatency 4.15.0-171.180
linux-image-aws-lts-18.04 4.15.0.1123.126
linux-image-azure-lts-18.04 4.15.0.1133.106
linux-image-dell300x 4.15.0.1037.39
linux-image-gcp-lts-18.04 4.15.0.1118.137
linux-image-generic 4.15.0.171.160
linux-image-generic-lpae 4.15.0.171.160
linux-image-kvm 4.15.0.1109.105
linux-image-lowlatency 4.15.0.171.160
linux-image-oracle-lts-18.04 4.15.0.1089.99
linux-image-raspi2 4.15.0.1105.103
linux-image-snapdragon 4.15.0.1122.125
linux-image-virtual 4.15.0.171.160
Ubuntu 16.04 ESM:
linux-image-4.15.0-1089-oracle 4.15.0-1089.98~16.04.1
linux-image-4.15.0-1118-gcp 4.15.0-1118.132~16.04.1
linux-image-4.15.0-1123-aws-hwe 4.15.0-1123.132~16.04.1
linux-image-4.15.0-1133-azure 4.15.0-1133.146~16.04.1
linux-image-4.15.0-171-generic 4.15.0-171.180~16.04.1
linux-image-4.15.0-171-lowlatency 4.15.0-171.180~16.04.1
linux-image-4.4.0-1102-kvm 4.4.0-1102.111
linux-image-4.4.0-1137-aws 4.4.0-1137.151
linux-image-4.4.0-221-generic 4.4.0-221.254
linux-image-4.4.0-221-lowlatency 4.4.0-221.254
linux-image-aws 4.4.0.1137.142
linux-image-aws-hwe 4.15.0.1123.113
linux-image-azure 4.15.0.1133.124
linux-image-gcp 4.15.0.1118.119
linux-image-generic 4.4.0.221.228
linux-image-generic-hwe-16.04 4.15.0.171.163
linux-image-gke 4.15.0.1118.119
linux-image-kvm 4.4.0.1102.100
linux-image-lowlatency 4.4.0.221.228
linux-image-lowlatency-hwe-16.04 4.15.0.171.163
linux-image-oem 4.15.0.171.163
linux-image-oracle 4.15.0.1089.77
linux-image-virtual 4.4.0.221.228
linux-image-virtual-hwe-16.04 4.15.0.171.163
Ubuntu 14.04 ESM:
linux-image-4.15.0-1133-azure 4.15.0-1133.146~14.04.1
linux-image-4.4.0-1101-aws 4.4.0-1101.106
linux-image-4.4.0-221-generic 4.4.0-221.254~14.04.1
linux-image-4.4.0-221-lowlatency 4.4.0-221.254~14.04.1
linux-image-aws 4.4.0.1101.99
linux-image-azure 4.15.0.1133.106
linux-image-generic-lts-xenial 4.4.0.221.192
linux-image-lowlatency-lts-xenial 4.4.0.221.192
linux-image-virtual-lts-xenial 4.4.0.221.192
IMPORTANT: As part of this update, unprivileged eBPF is being
disabled by default, as it is the primary known means of exploiting
the Branch History Injection issues described above. It should be
noted that other mechanisms for exploiting the underlying issues may
be discovered. Also, this may cause issues for applications that
rely on the unprivileged eBPF functionality. Please see the knowledge
base article at https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI
for more details.
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5319-1
CVE-2022-0001, CVE-2022-0002,
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-171.180
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1123.132
https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1133.146
https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1037.42
https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1118.132
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1109.112
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1089.98
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1105.112
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1122.131
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed