CVE-2018-3639 in Ubuntu

CVE-2018-3639

Priority

Medium

Description

Systems with microprocessors utilizing speculative execution and
speculative execution of memory reads before the addresses of all prior
memory writes are known may allow unauthorized disclosure of information to
an attacker with local user access via a side-channel analysis, aka
Speculative Store Bypass (SSB), Variant 4.

Ubuntu-Description

Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory reads
via a sidechannel attack. This flaw is known as Spectre Variant 4. A local
attacker could use this to expose sensitive information, including kernel
memory.

References

Notes

tyhicks> "Variant 4"

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	released (3.13.0-149.199~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1026.31)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1010.10)
Ubuntu 18.10 (Cosmic Cuttlefish):	needs-triage

Package

Source: linux (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needed ESM criteria)
Ubuntu 14.04 LTS (Trusty Tahr):	released (3.13.0-149.199)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-127.153)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-22.24)
Ubuntu 18.10 (Cosmic Cuttlefish):	released (4.17.0-6.7)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1018.21)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1012.12)
Ubuntu 18.10 (Cosmic Cuttlefish):	needs-triage

Package

Source: qemu (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (2.0.0+dfsg-2ubuntu1.42)
Ubuntu 16.04 LTS (Xenial Xerus):	released (1:2.5+dfsg-5ubuntu10.29)
Ubuntu 18.04 LTS (Bionic Beaver):	released (1:2.11+dfsg-1ubuntu7.2)
Ubuntu 18.10 (Cosmic Cuttlefish):	released (1:2.11+dfsg-1ubuntu10)

Patches:

Upstream:	https://git.qemu.org/?p=qemu.git;a=commit;h=d19d1f965904a533998739698020ff4ee8a103da
Upstream:	https://git.qemu.org/?p=qemu.git;a=commit;h=cfeea0c021db6234c154dbc723730e81553924ff
Upstream:	https://git.qemu.org/?p=qemu.git;a=commit;h=403503b162ffc33fb64cfefdf7b880acf41772cd

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (4.4.0-127.153~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: libvirt (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 12.04 ESM (Precise Pangolin):	needed
Ubuntu 14.04 LTS (Trusty Tahr):	released (1.2.2-0ubuntu13.1.27)
Ubuntu 16.04 LTS (Xenial Xerus):	released (1.3.1-1ubuntu10.24)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.0.0-1ubuntu8.2)
Ubuntu 18.10 (Cosmic Cuttlefish):	released (4.0.0-1ubuntu11)

Patches:

Upstream:	https://libvirt.org/git/?p=libvirt.git;a=commit;h=1dbca2eccad58d91a5fd33962854f1a653638182
Upstream:	https://libvirt.org/git/?p=libvirt.git;a=commit;h=9267342206ce17f6933d57a3128cdc504d5945c9

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1017.21)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1008.8)
Ubuntu 18.10 (Cosmic Cuttlefish):	needs-triage

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: qemu-kvm (LP Ubuntu Debian)

Upstream:	needed
Ubuntu 12.04 ESM (Precise Pangolin):	needed
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (4.4.0-1022.22)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1060.69)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1009.9)
Ubuntu 18.10 (Cosmic Cuttlefish):	needs-triage

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):	needs-triage
Ubuntu 18.10 (Cosmic Cuttlefish):	needs-triage

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1012.12~16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-1028.31)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1006.9)
Ubuntu 18.10 (Cosmic Cuttlefish):	needs-triage

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-22.24~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source tree: https://github.com/bq/aquaris-E5

linux-vegetahd:

ignored (was needs-triage now end-of-life)

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source: intel-microcode (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	released (3.20180807a.0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (3.20180807a.0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (3.20180807a.0ubuntu0.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):	not-affected (3.20180807a.1)

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.13.0-43.48~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

Package

Source tree: https://github.com/bq/aquaris-E4.5

linux-krillin:

ignored (was needs-triage now end-of-life)

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 18.10 (Cosmic Cuttlefish):	DNE

More Information

Updated: 2018-09-12 23:14:20 UTC (commit cd5d6ec6069482c7d1403b98405a3ef6cf3ca70e)