PublicDateAtUSN: 2020-06-10 00:00:00 UTC
Candidate: CVE-2020-10768
PublicDate: 2020-09-16 00:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10768
 https://www.openwall.com/lists/oss-security/2020/06/10/1
 https://ubuntu.com/security/notices/USN-4427-1
 https://ubuntu.com/security/notices/USN-4439-1
 https://ubuntu.com/security/notices/USN-4440-1
 https://ubuntu.com/security/notices/USN-4483-1
 https://ubuntu.com/security/notices/USN-4485-1
Description:
 A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl()
 function, where it can be used to enable indirect branch speculation after
 it has been disabled. This call incorrectly reports it as being 'force
 disabled' when it is not and opens the system to Spectre v2 attacks. The
 highest threat from this vulnerability is to confidentiality.
Ubuntu-Description:
 It was discovered that the Linux kernel could incorrectly enable Indirect
 Branch Speculation after it has been disabled for a process via a prctl()
 call. A local attacker could possibly use this to expose sensitive
 information.
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]

Patches_linux:
 break-fix: 9137bb27e60e554dab694eafa4cca241fa3a694f 4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
upstream_linux: released (5.8~rc1)
precise/esm_linux: ignored (was needs-triage ESM criteria)
trusty_linux: ignored (out of standard support)
trusty/esm_linux: ignored (was needs-triage ESM criteria)
xenial_linux: released (4.4.0-186.216)
esm-infra/xenial_linux: released (4.4.0-186.216)
bionic_linux: released (4.15.0-115.116)
eoan_linux: ignored (was pending \[5.3.0-63.57\] now end-of-life)
focal_linux: released (5.4.0-45.49)
devel_linux: not-affected (5.8.0-16.17)

Patches_linux-hwe:
upstream_linux-hwe: released (5.8~rc1)
precise/esm_linux-hwe: DNE
trusty_linux-hwe: DNE
trusty/esm_linux-hwe: DNE
xenial_linux-hwe: released (4.15.0-115.116~16.04.1)
esm-infra/xenial_linux-hwe: released (4.15.0-115.116~16.04.1)
bionic_linux-hwe: released (5.3.0-64.58~18.04.1)
eoan_linux-hwe: DNE
focal_linux-hwe: DNE
devel_linux-hwe: DNE

Patches_linux-hwe-edge:
upstream_linux-hwe-edge: released (5.8~rc1)
precise/esm_linux-hwe-edge: DNE
trusty_linux-hwe-edge: DNE
trusty/esm_linux-hwe-edge: DNE
xenial_linux-hwe-edge: ignored (was needs-triage now end-of-life)
esm-infra/xenial_linux-hwe-edge: ignored (was needs-triage now end-of-life)
bionic_linux-hwe-edge: ignored (was needs-triage now end-of-life)
eoan_linux-hwe-edge: DNE
focal_linux-hwe-edge: DNE
devel_linux-hwe-edge: DNE

Patches_linux-lts-trusty:
upstream_linux-lts-trusty: released (5.8~rc1)
precise/esm_linux-lts-trusty: ignored (was needs-triage ESM criteria)
trusty_linux-lts-trusty: DNE
trusty/esm_linux-lts-trusty: DNE
xenial_linux-lts-trusty: DNE
bionic_linux-lts-trusty: DNE
eoan_linux-lts-trusty: DNE
focal_linux-lts-trusty: DNE
devel_linux-lts-trusty: DNE

Patches_linux-lts-xenial:
upstream_linux-lts-xenial: released (5.8~rc1)
precise/esm_linux-lts-xenial: DNE
trusty_linux-lts-xenial: ignored (out of standard support)
trusty/esm_linux-lts-xenial: released (4.4.0-186.216~14.04.1)
xenial_linux-lts-xenial: DNE
bionic_linux-lts-xenial: DNE
eoan_linux-lts-xenial: DNE
focal_linux-lts-xenial: DNE
devel_linux-lts-xenial: DNE

Patches_linux-kvm:
upstream_linux-kvm: released (5.8~rc1)
precise/esm_linux-kvm: DNE
trusty_linux-kvm: DNE
trusty/esm_linux-kvm: DNE
xenial_linux-kvm: released (4.4.0-1077.84)
esm-infra/xenial_linux-kvm: released (4.4.0-1077.84)
bionic_linux-kvm: released (4.15.0-1072.73)
eoan_linux-kvm: ignored (was pending \[5.3.0-1025.27\] now end-of-life)
focal_linux-kvm: released (5.4.0-1021.21)
devel_linux-kvm: not-affected (5.8.0-1001.1)

Patches_linux-aws:
upstream_linux-aws: released (5.8~rc1)
precise/esm_linux-aws: DNE
trusty_linux-aws: ignored (out of standard support)
trusty/esm_linux-aws: released (4.4.0-1075.79)
xenial_linux-aws: released (4.4.0-1111.123)
esm-infra/xenial_linux-aws: released (4.4.0-1111.123)
bionic_linux-aws: released (4.15.0-1080.84)
eoan_linux-aws: ignored (was pending \[5.3.0-1031.33\] now end-of-life)
focal_linux-aws: released (5.4.0-1022.22)
devel_linux-aws: not-affected (5.8.0-1004.4)

Patches_linux-aws-5.0:
upstream_linux-aws-5.0: released (5.8~rc1)
precise/esm_linux-aws-5.0: DNE
trusty_linux-aws-5.0: DNE
trusty/esm_linux-aws-5.0: DNE
xenial_linux-aws-5.0: DNE
bionic_linux-aws-5.0: ignored (was needs-triage now end-of-life)
eoan_linux-aws-5.0: DNE
focal_linux-aws-5.0: DNE
devel_linux-aws-5.0: DNE

Patches_linux-aws-5.3:
upstream_linux-aws-5.3: released (5.8~rc1)
precise/esm_linux-aws-5.3: DNE
trusty_linux-aws-5.3: DNE
trusty/esm_linux-aws-5.3: DNE
xenial_linux-aws-5.3: DNE
bionic_linux-aws-5.3: released (5.3.0-1032.34~18.04.2)
eoan_linux-aws-5.3: DNE
focal_linux-aws-5.3: DNE
devel_linux-aws-5.3: DNE

Patches_linux-aws-hwe:
upstream_linux-aws-hwe: released (5.8~rc1)
precise/esm_linux-aws-hwe: DNE
trusty_linux-aws-hwe: DNE
trusty/esm_linux-aws-hwe: DNE
xenial_linux-aws-hwe: released (4.15.0-1080.84~16.04.1)
esm-infra/xenial_linux-aws-hwe: released (4.15.0-1080.84~16.04.1)
bionic_linux-aws-hwe: DNE
eoan_linux-aws-hwe: DNE
focal_linux-aws-hwe: DNE
devel_linux-aws-hwe: DNE

Patches_linux-azure:
upstream_linux-azure: released (5.8~rc1)
precise/esm_linux-azure: DNE
trusty_linux-azure: ignored (out of standard support)
trusty/esm_linux-azure: released (4.15.0-1093.103~14.04.1)
xenial_linux-azure: released (4.15.0-1093.103~16.04.1)
esm-infra/xenial_linux-azure: released (4.15.0-1093.103~16.04.1)
bionic_linux-azure: ignored (was needs-triage now end-of-life)
eoan_linux-azure: ignored (was pending \[5.3.0-1033.34\] now end-of-life)
focal_linux-azure: released (5.4.0-1023.23)
devel_linux-azure: not-affected (5.8.0-1004.4)

Patches_linux-azure-4.15:
upstream_linux-azure-4.15: released (5.8~rc1)
precise/esm_linux-azure-4.15: DNE
trusty_linux-azure-4.15: DNE
trusty/esm_linux-azure-4.15: DNE
xenial_linux-azure-4.15: DNE
bionic_linux-azure-4.15: released (4.15.0-1093.103)
eoan_linux-azure-4.15: DNE
focal_linux-azure-4.15: DNE
devel_linux-azure-4.15: DNE

Patches_linux-azure-5.3:
upstream_linux-azure-5.3: released (5.8~rc1)
precise/esm_linux-azure-5.3: DNE
trusty_linux-azure-5.3: DNE
trusty/esm_linux-azure-5.3: DNE
xenial_linux-azure-5.3: DNE
bionic_linux-azure-5.3: released (5.3.0-1034.35~18.04.1)
eoan_linux-azure-5.3: DNE
focal_linux-azure-5.3: DNE
devel_linux-azure-5.3: DNE

Patches_linux-azure-edge:
upstream_linux-azure-edge: released (5.8~rc1)
precise/esm_linux-azure-edge: DNE
trusty_linux-azure-edge: DNE
trusty/esm_linux-azure-edge: DNE
xenial_linux-azure-edge: DNE
bionic_linux-azure-edge: ignored (was needs-triage now end-of-life)
eoan_linux-azure-edge: DNE
focal_linux-azure-edge: DNE
devel_linux-azure-edge: DNE

Patches_linux-gcp:
upstream_linux-gcp: released (5.8~rc1)
precise/esm_linux-gcp: DNE
trusty_linux-gcp: DNE
trusty/esm_linux-gcp: DNE
xenial_linux-gcp: released (4.15.0-1081.92~16.04.1)
esm-infra/xenial_linux-gcp: released (4.15.0-1081.92~16.04.1)
bionic_linux-gcp: ignored (was needs-triage now end-of-life)
eoan_linux-gcp: ignored (was pending \[5.3.0-1031.33\] now end-of-life)
focal_linux-gcp: released (5.4.0-1022.22)
devel_linux-gcp: not-affected (5.8.0-1002.2)

Patches_linux-gcp-4.15:
upstream_linux-gcp-4.15: released (5.8~rc1)
precise/esm_linux-gcp-4.15: DNE
trusty_linux-gcp-4.15: DNE
trusty/esm_linux-gcp-4.15: DNE
xenial_linux-gcp-4.15: DNE
bionic_linux-gcp-4.15: released (4.15.0-1081.92)
eoan_linux-gcp-4.15: DNE
focal_linux-gcp-4.15: DNE
devel_linux-gcp-4.15: DNE

Patches_linux-gcp-5.3:
upstream_linux-gcp-5.3: released (5.8~rc1)
precise/esm_linux-gcp-5.3: DNE
trusty_linux-gcp-5.3: DNE
trusty/esm_linux-gcp-5.3: DNE
xenial_linux-gcp-5.3: DNE
bionic_linux-gcp-5.3: released (5.3.0-1032.34~18.04.1)
eoan_linux-gcp-5.3: DNE
focal_linux-gcp-5.3: DNE
devel_linux-gcp-5.3: DNE

Patches_linux-gcp-edge:
upstream_linux-gcp-edge: released (5.8~rc1)
precise/esm_linux-gcp-edge: DNE
trusty_linux-gcp-edge: DNE
trusty/esm_linux-gcp-edge: DNE
xenial_linux-gcp-edge: DNE
bionic_linux-gcp-edge: ignored (was needs-triage now end-of-life)
eoan_linux-gcp-edge: DNE
focal_linux-gcp-edge: DNE
devel_linux-gcp-edge: DNE

Patches_linux-gke-4.15:
upstream_linux-gke-4.15: released (5.8~rc1)
precise/esm_linux-gke-4.15: DNE
trusty_linux-gke-4.15: DNE
trusty/esm_linux-gke-4.15: DNE
xenial_linux-gke-4.15: DNE
bionic_linux-gke-4.15: released (4.15.0-1067.70)
eoan_linux-gke-4.15: DNE
focal_linux-gke-4.15: DNE
devel_linux-gke-4.15: DNE

Patches_linux-gke-5.0:
upstream_linux-gke-5.0: released (5.8~rc1)
precise/esm_linux-gke-5.0: DNE
trusty_linux-gke-5.0: DNE
trusty/esm_linux-gke-5.0: DNE
xenial_linux-gke-5.0: DNE
bionic_linux-gke-5.0: released (5.0.0-1045.46)
eoan_linux-gke-5.0: DNE
focal_linux-gke-5.0: DNE
devel_linux-gke-5.0: DNE

Patches_linux-gke-5.3:
upstream_linux-gke-5.3: released (5.8~rc1)
precise/esm_linux-gke-5.3: DNE
trusty_linux-gke-5.3: DNE
trusty/esm_linux-gke-5.3: DNE
xenial_linux-gke-5.3: DNE
bionic_linux-gke-5.3: released (5.3.0-1032.34~18.04.1)
eoan_linux-gke-5.3: DNE
focal_linux-gke-5.3: DNE
devel_linux-gke-5.3: DNE

Patches_linux-oracle:
upstream_linux-oracle: released (5.8~rc1)
precise/esm_linux-oracle: DNE
trusty_linux-oracle: DNE
trusty/esm_linux-oracle: DNE
xenial_linux-oracle: released (4.15.0-1051.55~16.04.1)
esm-infra/xenial_linux-oracle: released (4.15.0-1051.55~16.04.1)
bionic_linux-oracle: released (4.15.0-1051.55)
eoan_linux-oracle: ignored (was pending \[5.3.0-1029.31\] now end-of-life)
focal_linux-oracle: released (5.4.0-1022.22)
devel_linux-oracle: not-affected (5.8.0-1001.1)

Patches_linux-oracle-5.0:
upstream_linux-oracle-5.0: released (5.8~rc1)
precise/esm_linux-oracle-5.0: DNE
trusty_linux-oracle-5.0: DNE
trusty/esm_linux-oracle-5.0: DNE
xenial_linux-oracle-5.0: DNE
bionic_linux-oracle-5.0: ignored (was needs-triage now end-of-life)
eoan_linux-oracle-5.0: DNE
focal_linux-oracle-5.0: DNE
devel_linux-oracle-5.0: DNE

Patches_linux-oracle-5.3:
upstream_linux-oracle-5.3: released (5.8~rc1)
precise/esm_linux-oracle-5.3: DNE
trusty_linux-oracle-5.3: DNE
trusty/esm_linux-oracle-5.3: DNE
xenial_linux-oracle-5.3: DNE
bionic_linux-oracle-5.3: released (5.3.0-1030.32~18.04.1)
eoan_linux-oracle-5.3: DNE
focal_linux-oracle-5.3: DNE
devel_linux-oracle-5.3: DNE

Patches_linux-oem:
upstream_linux-oem: released (5.8~rc1)
precise/esm_linux-oem: DNE
trusty_linux-oem: DNE
trusty/esm_linux-oem: DNE
xenial_linux-oem: ignored (was needs-triage now end-of-life)
bionic_linux-oem: released (4.15.0-1094.104)
eoan_linux-oem: ignored (reached end-of-life)
focal_linux-oem: DNE
devel_linux-oem: DNE

Patches_linux-oem-5.6:
upstream_linux-oem-5.6: released (5.8~rc1)
precise/esm_linux-oem-5.6: DNE
trusty_linux-oem-5.6: DNE
trusty/esm_linux-oem-5.6: DNE
xenial_linux-oem-5.6: DNE
bionic_linux-oem-5.6: DNE
eoan_linux-oem-5.6: DNE
focal_linux-oem-5.6: released (5.6.0-1020.20)
devel_linux-oem-5.6: not-affected (5.6.0-1020.20)

Patches_linux-oem-osp1:
upstream_linux-oem-osp1: released (5.8~rc1)
precise/esm_linux-oem-osp1: DNE
trusty_linux-oem-osp1: DNE
trusty/esm_linux-oem-osp1: DNE
xenial_linux-oem-osp1: DNE
bionic_linux-oem-osp1: released (5.0.0-1065.70)
eoan_linux-oem-osp1: ignored (reached end-of-life)
focal_linux-oem-osp1: DNE
devel_linux-oem-osp1: DNE

Patches_linux-raspi:
upstream_linux-raspi: released (5.8~rc1)
precise/esm_linux-raspi: DNE
trusty_linux-raspi: DNE
trusty/esm_linux-raspi: DNE
xenial_linux-raspi: DNE
bionic_linux-raspi: DNE
eoan_linux-raspi: DNE
focal_linux-raspi: released (5.4.0-1016.17)
devel_linux-raspi: not-affected (5.4.0-1016.17)

Patches_linux-raspi2:
upstream_linux-raspi2: released (5.8~rc1)
precise/esm_linux-raspi2: DNE
trusty_linux-raspi2: DNE
trusty/esm_linux-raspi2: DNE
xenial_linux-raspi2: released (4.4.0-1136.145)
bionic_linux-raspi2: released (4.15.0-1068.72)
eoan_linux-raspi2: ignored (was pending \[5.3.0-1029.31\] now end-of-life)
focal_linux-raspi2: ignored (was needs-triage now end-of-life)
devel_linux-raspi2: DNE

Patches_linux-raspi2-5.3:
upstream_linux-raspi2-5.3: released (5.8~rc1)
precise/esm_linux-raspi2-5.3: DNE
trusty_linux-raspi2-5.3: DNE
trusty/esm_linux-raspi2-5.3: DNE
xenial_linux-raspi2-5.3: DNE
bionic_linux-raspi2-5.3: released (5.3.0-1030.32~18.04.2)
eoan_linux-raspi2-5.3: DNE
focal_linux-raspi2-5.3: DNE
devel_linux-raspi2-5.3: DNE

Patches_linux-riscv:
upstream_linux-riscv: released (5.8~rc1)
precise/esm_linux-riscv: DNE
trusty_linux-riscv: DNE
trusty/esm_linux-riscv: DNE
xenial_linux-riscv: DNE
bionic_linux-riscv: DNE
eoan_linux-riscv: DNE
focal_linux-riscv: released (5.4.0-31.35)
devel_linux-riscv: not-affected (5.8.0-1.1)

Patches_linux-snapdragon:
upstream_linux-snapdragon: released (5.8~rc1)
precise/esm_linux-snapdragon: DNE
trusty_linux-snapdragon: DNE
trusty/esm_linux-snapdragon: DNE
xenial_linux-snapdragon: released (4.4.0-1140.148)
bionic_linux-snapdragon: released (4.15.0-1084.92)
eoan_linux-snapdragon: DNE
focal_linux-snapdragon: DNE
devel_linux-snapdragon: DNE

Patches_linux-hwe-5.4:
upstream_linux-hwe-5.4: released (5.8~rc1)
precise/esm_linux-hwe-5.4: DNE
trusty_linux-hwe-5.4: DNE
trusty/esm_linux-hwe-5.4: DNE
xenial_linux-hwe-5.4: DNE
bionic_linux-hwe-5.4: released (5.4.0-45.49~18.04.2)
focal_linux-hwe-5.4: DNE
devel_linux-hwe-5.4: DNE

Patches_linux-raspi-5.4:
upstream_linux-raspi-5.4: released (5.8~rc1)
precise/esm_linux-raspi-5.4: DNE
trusty_linux-raspi-5.4: DNE
trusty/esm_linux-raspi-5.4: DNE
xenial_linux-raspi-5.4: DNE
bionic_linux-raspi-5.4: released (5.4.0-1016.17~18.04.1)
focal_linux-raspi-5.4: DNE
devel_linux-raspi-5.4: DNE

Patches_linux-azure-5.4:
upstream_linux-azure-5.4: released (5.8~rc1)
precise/esm_linux-azure-5.4: DNE
trusty_linux-azure-5.4: DNE
trusty/esm_linux-azure-5.4: DNE
xenial_linux-azure-5.4: DNE
bionic_linux-azure-5.4: released (5.4.0-1023.23~18.04.1)
focal_linux-azure-5.4: DNE
devel_linux-azure-5.4: DNE

Patches_linux-oracle-5.4:
upstream_linux-oracle-5.4: released (5.8~rc1)
precise/esm_linux-oracle-5.4: DNE
trusty_linux-oracle-5.4: DNE
trusty/esm_linux-oracle-5.4: DNE
xenial_linux-oracle-5.4: DNE
bionic_linux-oracle-5.4: released (5.4.0-1022.22~18.04.1)
focal_linux-oracle-5.4: DNE
devel_linux-oracle-5.4: DNE

Patches_linux-gcp-5.4:
upstream_linux-gcp-5.4: released (5.8~rc1)
precise/esm_linux-gcp-5.4: DNE
trusty_linux-gcp-5.4: DNE
trusty/esm_linux-gcp-5.4: DNE
xenial_linux-gcp-5.4: DNE
bionic_linux-gcp-5.4: released (5.4.0-1022.22~18.04.1)
focal_linux-gcp-5.4: DNE
devel_linux-gcp-5.4: DNE

Patches_linux-aws-5.4:
upstream_linux-aws-5.4: released (5.8~rc1)
precise/esm_linux-aws-5.4: DNE
trusty_linux-aws-5.4: DNE
trusty/esm_linux-aws-5.4: DNE
xenial_linux-aws-5.4: DNE
bionic_linux-aws-5.4: released (5.4.0-1022.22~18.04.1)
focal_linux-aws-5.4: DNE
devel_linux-aws-5.4: DNE