CVE-2017-5753 in Ubuntu

CVE-2017-5753

Priority

Description

Systems with microprocessors utilizing speculative execution and branch
prediction may allow unauthorized disclosure of information to an attacker
with local user access via a side-channel analysis.

Ubuntu-Description

Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory.

References

Bugs

https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers-384/+bug/1741807

Notes

tyhicks

Variant 1, aka "Spectre"
The break-fix lines for this CVE are not complete since a large
number of patches are required to mitigate this issue. The commit(s) listed
are chosen as placeholders for automated CVE triage purposes.

Package

Source: firefox (LP Ubuntu Debian)

Priority: Medium

Upstream:	released (57.0.4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was released [57.0.4+build1-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):	released (57.0.4+build1-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (59.0.1+build1-0ubuntu1)

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	released (3.2.0-133.179)
Ubuntu 14.04 ESM (Trusty Tahr):	released (3.13.0-157.207)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-112.135)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.13.0-32.35)

Patches:

Break-fix:

Package

Source: linux-armadaxp (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (4.4.0-1011.11)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1049.58)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1001.1)

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	not-affected (4.15.0-1023.24~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1013.13~16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1002.2)

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (4.15.0-1002.2)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.18.0-1004.4~18.04.1)

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-9023.24)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1014.14~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1001.1)

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was pending now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-24.26~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-24.26~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.18.0-11.12~18.04.1)

Product

Source tree: https://github.com/bq/aquaris-E4.5

linux-krillin:

ignored (was needs-triage now end-of-life)

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1017.22)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1002.2)

Package

Source: linux-linaro-omap (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-linaro-shared (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-linaro-vexpress (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-quantal (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-raring (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-saucy (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (end-of-life)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

This package is not directly supported by the Ubuntu Security Team

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	released (3.13.0-157.207~precise1)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [was pending now end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [out of standard support])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (4.4.0-111.134~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1017.18)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1002.3)

Package

Source: linux-qcm-msm (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1085.93)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.15.0-1006.7)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1087.92)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected

Package

Source: linux-ti-omap4 (LP Ubuntu Debian)

Upstream:	released (4.16~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Product

Source tree: https://github.com/bq/aquaris-E5

linux-vegetahd:

ignored (was needs-triage now end-of-life)

Package

Source: nvidia-graphics-drivers-384 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was released [384.111-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):	released (384.111-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (384.111-0ubuntu1)

Package

Source: webkit2gtk (LP Ubuntu Debian)

Upstream:	released (2.18.5)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (2.18.5-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (2.18.6-1)

More Information

Updated: 2021-02-20 10:43:40 UTC (commit 8af355cec8a5a0247d3d552c6849ca6ed7c1e65c)