CVE-2018-3639

Priority
Description
Systems with microprocessors utilizing speculative execution and
speculative execution of memory reads before the addresses of all prior
memory writes are known may allow unauthorized disclosure of information to
an attacker with local user access via a side-channel analysis, aka
Speculative Store Bypass (SSB), Variant 4.
Ubuntu-Description
Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory reads
via a sidechannel attack. This flaw is known as Spectre Variant 4. A local
attacker could use this to expose sensitive information, including kernel
memory.
References
Notes
 tyhicks> "Variant 4"
 tyhicks> The break-fix lines for this CVE are not complete since a large
  number of patches are required to mitigate this issue. The commit(s) listed
  are chosen as placeholders for automated CVE triage purposes.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (3.20180807a.0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (3.20180807a.0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (3.20180807a.0ubuntu0.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (3.20180807a.1)
Ubuntu 19.04 (Disco Dingo):not-affected (3.20180807a.1)
Ubuntu 19.10 (Eoan):not-affected (3.20180807a.1)
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):released (1.2.2-0ubuntu13.1.27)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.3.1-1ubuntu10.24)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.0.0-1ubuntu8.2)
Ubuntu 18.10 (Cosmic Cuttlefish):released (4.0.0-1ubuntu11)
Ubuntu 19.04 (Disco Dingo):released (4.0.0-1ubuntu11)
Ubuntu 19.10 (Eoan):released (4.0.0-1ubuntu11)
Patches:
Upstream:https://libvirt.org/git/?p=libvirt.git;a=commit;h=1dbca2eccad58d91a5fd33962854f1a653638182
Upstream:https://libvirt.org/git/?p=libvirt.git;a=commit;h=9267342206ce17f6933d57a3128cdc504d5945c9
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needed ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):released (3.13.0-149.199)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-127.153)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-22.24)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-22.24)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-10.11)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-13.14)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by 885f82bfbc6fefb6664ea27965c3ab9ac4194b8c|local-2018-3639-fix
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.4.0-1022.22)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1060.69)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1009.9)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1009.9)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1002.3)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1004.4)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.15.0-1030.31~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (4.15.0-1023.24~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-1018.21)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1012.12)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1012.12)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1003.3)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1004.4)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-1018.21)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-1006.6~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-1017.21)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1008.8)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1008.8)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1002.3)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1004.4)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-1004.5~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-43.48~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-13.14~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-43.48~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-13.14~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Source tree: https://github.com/bq/aquaris-E4.5
linux-krillin:ignored (was needs-triage now end-of-life)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1026.31)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1010.10)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1010.10)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1003.3)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1004.4)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):released (3.13.0-149.199~precise1)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (4.4.0-127.153~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.13.0-1028.31)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1006.9)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1006.9)
Ubuntu 19.04 (Disco Dingo):not-affected (4.15.0-1021.24)
Ubuntu 19.10 (Eoan):not-affected (4.15.0-1035.40)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.15.0-1007.9~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.15.0-1007.9)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1007.9)
Ubuntu 19.04 (Disco Dingo):not-affected (4.15.0-1007.9)
Ubuntu 19.10 (Eoan):not-affected (4.15.0-1011.13)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1091.99)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1012.13)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1021.23)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1005.7)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1006.6)
Package
Upstream:released (4.17~rc7)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1094.99)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1053.57)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):not-affected (5.0.0-1010.10)
Ubuntu 19.10 (Eoan):not-affected (5.0.0-1010.10)
Package
Source tree: https://github.com/bq/aquaris-E5
linux-vegetahd:ignored (was needs-triage now end-of-life)
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):released (2.0.0+dfsg-2ubuntu1.42)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:2.5+dfsg-5ubuntu10.29)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:2.11+dfsg-1ubuntu7.2)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1:2.11+dfsg-1ubuntu10)
Ubuntu 19.04 (Disco Dingo):released (1:2.11+dfsg-1ubuntu10)
Ubuntu 19.10 (Eoan):released (1:2.11+dfsg-1ubuntu10)
Patches:
Upstream:https://git.qemu.org/?p=qemu.git;a=commit;h=d19d1f965904a533998739698020ff4ee8a103da
Upstream:https://git.qemu.org/?p=qemu.git;a=commit;h=cfeea0c021db6234c154dbc723730e81553924ff
Upstream:https://git.qemu.org/?p=qemu.git;a=commit;h=403503b162ffc33fb64cfefdf7b880acf41772cd
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
More Information

Updated: 2019-07-09 18:14:32 UTC (commit c053ba3ac3ed8c7a79731fa494653a052f143efb)