Description
Systems with microprocessors utilizing speculative execution and indirect
branch prediction may allow unauthorized disclosure of information to an
attacker with local user access via a side-channel analysis.
Ubuntu-Description
Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory.
Notes
| tyhicks | Variant 2, aka "Spectre" |
| mdeslaur | intel-microcode updates were reverted in usn-3531-2 |
| tyhicks | The break-fix lines for this CVE are not complete since a large
number of patches are required to mitigate this issue. The commit(s) listed
are chosen as placeholders for automated CVE triage purposes. |
| leosilva | Due to the lack of recent CPU models in qemu and the lack of
microcode early-loading support in the precise kernel, we do not
plan on backporting support for the new flag to QEMU and libvirt
at this time. |
Package
| Upstream: | needs-triage
|
| Ubuntu 18.04 LTS: | released
(3.20180524.1~ubuntu0.18.04.1)
|
| Ubuntu 16.04 ESM: | released
(3.20180524.1~ubuntu0.16.04.1)
|
| Ubuntu 14.04 ESM: | released
(3.20180524.1~ubuntu0.14.04.1)
|
Patches:
Package
Priority: Medium
| Upstream: | released
(57.0.4)
|
| Ubuntu 18.04 LTS: | released
(59.0.1+build1-0ubuntu1)
|
| Ubuntu 16.04 ESM: | released
(57.0.4+build1-0ubuntu0.16.04.1)
|
| Ubuntu 14.04 ESM: | DNE
(trusty was released [57.0.4+build1-0ubuntu0.14.04.1])
|
Patches:
Package
| Upstream: | needs-triage
|
| Ubuntu 18.04 LTS: | not-affected
(3.20180108.1)
|
| Ubuntu 16.04 ESM: | released
(3.20180312.0~ubuntu16.04.1)
|
| Ubuntu 14.04 ESM: | released
(3.20180312.0~ubuntu14.04.1)
|
Patches:
Package
| Upstream: | needs-triage
|
| Ubuntu 18.04 LTS: | not-affected
(4.0.0-1ubuntu1)
|
| Ubuntu 16.04 ESM: | released
(1.3.1-1ubuntu10.17)
|
| Ubuntu 14.04 ESM: | released
(1.2.2-0ubuntu13.1.25)
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | not-affected
(4.13.0-32.35)
|
| Ubuntu 16.04 ESM: | released
(4.4.0-112.135)
|
| Ubuntu 14.04 ESM: | released
(3.13.0-141.190)
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
This package is not directly supported by the Ubuntu Security Team
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | not-affected
(4.15.0-1001.1)
|
| Ubuntu 16.04 ESM: | released
(4.4.0-1049.58)
|
| Ubuntu 14.04 ESM: | released
(4.4.0-1011.11)
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | not-affected
(4.15.0-1002.2)
|
| Ubuntu 16.04 ESM: | released
(4.13.0-1006.8)
|
| Ubuntu 14.04 ESM: | not-affected
(4.15.0-1023.24~14.04.1)
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | not-affected
(4.18.0-1003.3~18.04.1)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
(trusty was ignored [abandoned])
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | not-affected
(4.15.0-1001.1)
|
| Ubuntu 16.04 ESM: | released
(4.13.0-1007.10)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
(trusty was ignored [abandoned])
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
(trusty was ignored [abandoned])
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | not-affected
|
| Ubuntu 16.04 ESM: | released
(4.13.0-31.34~16.04.1)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | not-affected
(4.18.0-11.12~18.04.1)
|
| Ubuntu 16.04 ESM: | released
(4.13.0-31.34~16.04.1)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | not-affected
(4.15.0-1002.2)
|
| Ubuntu 16.04 ESM: | released
(4.4.0-1017.22)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
This package is not directly supported by the Ubuntu Security Team
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
This package is not directly supported by the Ubuntu Security Team
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
(trusty was ignored [out of standard support])
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
(trusty was ignored [was pending now end-of-life])
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
(trusty was ignored [out of standard support])
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | released
(4.4.0-111.134~14.04.1)
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
(trusty was ignored [abandoned])
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
(trusty was ignored [abandoned])
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
(trusty was ignored [abandoned])
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | not-affected
(4.15.0-1002.3)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | not-affected
(4.15.0-1006.7)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(4.15~rc8)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | needs-triage
|
| Ubuntu 18.04 LTS: | released
(1:2.11+dfsg-1ubuntu2)
|
| Ubuntu 16.04 ESM: | released
(1:2.5+dfsg-5ubuntu10.20)
|
| Ubuntu 14.04 ESM: | released
(2.0.0+dfsg-2ubuntu1.38)
|
Patches:
Package
| Upstream: | needs-triage
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(2.18.5)
|
| Ubuntu 18.04 LTS: | not-affected
(2.18.6-1)
|
| Ubuntu 16.04 ESM: | released
(2.18.5-0ubuntu0.16.04.1)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Updated: 2022-04-13 13:01:19 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)