Ubuntu Security Notice 4985-1 - It was discovered that some Intel processors may not properly invalidate cache entries used by Intel Virtualization Technology for Directed I/O. This may allow a local user to perform a privilege escalation attack. Joseph Nuzman discovered that some Intel processors may not properly apply EIBRS mitigations and hence may allow unauthorized memory reads via sidechannel attacks. A local attacker could use this to expose sensitive information, including kernel memory. Various other issues were also addressed.
8bc31d621747539c46e5e1fd35acaab7eb6cb2b0e6fe103feb7507b9e86120c1