CVE-2017-5715

Priority
Description
Systems with microprocessors utilizing speculative execution and indirect
branch prediction may allow unauthorized disclosure of information to an
attacker with local user access via a side-channel analysis.
Ubuntu-Description
Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via side-channel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory.
References
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
https://spectreattack.com/
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
http://www.amd.com/en/corporate/speculative-execution
https://developer.arm.com/support/security-update
https://www.qemu.org/2018/01/04/spectre/
https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
https://webkitgtk.org/security/WSA-2018-0001.html
https://usn.ubuntu.com/usn/usn-3516-1
https://usn.ubuntu.com/usn/usn-3530-1
https://usn.ubuntu.com/usn/usn-3531-1
https://usn.ubuntu.com/usn/usn-3531-2
https://usn.ubuntu.com/usn/usn-3542-1
https://usn.ubuntu.com/usn/usn-3542-2
https://usn.ubuntu.com/usn/usn-3540-2
https://usn.ubuntu.com/usn/usn-3540-1
https://usn.ubuntu.com/usn/usn-3541-1
https://usn.ubuntu.com/usn/usn-3541-2
https://usn.ubuntu.com/usn/usn-3549-1
https://usn.ubuntu.com/usn/usn-3560-1
https://usn.ubuntu.com/usn/usn-3561-1
https://usn.ubuntu.com/usn/usn-3580-1
https://usn.ubuntu.com/usn/usn-3581-1
https://usn.ubuntu.com/usn/usn-3581-2
https://usn.ubuntu.com/usn/usn-3582-1
https://usn.ubuntu.com/usn/usn-3582-2
https://usn.ubuntu.com/usn/usn-3594-1
https://usn.ubuntu.com/usn/usn-3597-1
https://usn.ubuntu.com/usn/usn-3597-2
https://usn.ubuntu.com/usn/usn-3531-3
https://usn.ubuntu.com/usn/usn-3620-2
https://usn.ubuntu.com/usn/usn-3690-1
https://usn.ubuntu.com/usn/usn-3777-3
Notes
tyhicks: Variant 2, aka "Spectre"
mdeslaur: intel-microcode updates were reverted in usn-3531-2
tyhicks: The break-fix lines for this CVE are not complete since a large
number of patches are required to mitigate this issue. The commit(s) listed
are chosen as placeholders for automated CVE triage purposes.
leosilva: Due to the lack of recent CPU models in qemu and the lack of
microcode early-loading support in the precise kernel, we do not
plan on backporting support for the new flag to QEMU and libvirt
at this time.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (3.20180524.1~ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (3.20180524.1~ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (3.20180524.1~ubuntu0.18.04.1)
Package
Priority: Medium
Upstream:released (57.0.4)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [57.0.4+build1-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (57.0.4+build1-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (59.0.1+build1-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (3.20180312.0~ubuntu14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (3.20180312.0~ubuntu16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.20180108.1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):ignored
Ubuntu 14.04 ESM (Trusty Tahr):released (1.2.2-0ubuntu13.1.25)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.3.1-1ubuntu10.17)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.0.0-1ubuntu1)
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):released (3.2.0-133.179)
Ubuntu 14.04 ESM (Trusty Tahr):released (3.13.0-141.190)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-112.135)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.13.0-32.35)
Patches:
Introduced by
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed by
76b043848fd22dbf7f8bf3a1452f8c70d557b860|local-2017-5715-intel
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.4.0-1011.11)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1049.58)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1001.1)
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (4.15.0-1023.24~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-1006.8)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1002.2)
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.15.0-1002.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-1003.3~18.04.1)
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-9023.24)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-1007.10)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1001.1)
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was pending now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-31.34~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-31.34~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-11.12~18.04.1)
Product
linux-krillin:ignored (was needs-triage now end-of-life)
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1017.22)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1002.2)
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Patches:
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):released (3.13.0-141.190~precise1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [was pending now end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.4.0-111.134~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-1017.18)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1002.3)
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1085.93)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1006.7)
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1087.92)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Package
Upstream:released (4.15~rc8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Product
linux-vegetahd:ignored (was needs-triage now end-of-life)
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (2.0.0+dfsg-2ubuntu1.38)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.5+dfsg-5ubuntu10.20)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:2.11+dfsg-1ubuntu2)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):ignored
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (2.18.5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.18.5-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.18.6-1)

Updated: 2020-07-28 20:02:06 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)