CVE-2018-3646

Priority
Description
Systems with microprocessors utilizing speculative execution and address
translations may allow unauthorized disclosure of information residing in
the L1 data cache to an attacker with local user access with guest OS
privilege via a terminal page fault and a side-channel analysis.
Ubuntu-Description
It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local
attacker in a guest virtual machine could use this to expose sensitive
information (memory from other guests or the host OS).
Notes
 tyhicks> A microcode update will be provided to allow the kernel to flush the
  L1D cache on VM entry. However, the kernel has a software fallback mechanism
  in place when microcode updates are not available/installed.
 tyhicks> The break-fix lines for this CVE are not complete since a large
  number of patches are required to mitigate this issue. The commit(s) listed
  are chosen as placeholders for automated CVE triage purposes.
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (3.20180807a.0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (3.20180807a.0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (3.20180807a.0ubuntu0.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (3.20180807a.1)
Ubuntu 19.04 (Disco Dingo):not-affected (3.20180807a.1)
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):released (3.2.0-137.183)
Ubuntu 14.04 LTS (Trusty Tahr):released (3.13.0-155.205)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-133.159)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-32.35)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.17.0-9.10)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-10.11)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by c595ceee45707f00f64f61c54fb64ef0cc0b4e85|local-2018-3646-fix
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (4.4.0-1027.30)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1065.75)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1019.19)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1020.20)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1002.3)
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (4.15.0-1030.31~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (4.15.0-1023.24~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1021.21~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1021.21)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1023.24)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1003.3)
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):pending (4.18.0-1006.6~16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-1006.6~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:not-affected (ARM is not affected)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1017.18~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1017.18)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1018.19)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1002.3)
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-1004.5~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:not-affected (ARM is not affected)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-32.35~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-13.14~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-32.35~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-13.14~18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
linux-krillin:not-affected (ARM is not affected)
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1031.37)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1019.19)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1020.20)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1003.3)
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):released (3.13.0-155.206~precise1)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (4.4.0-133.159~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:not-affected (ARM is not affected)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:not-affected (ARM is not affected)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:not-affected (ARM is not affected)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (abandoned)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.19~rc1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1015.18)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (4.15.0-1017.20)
Ubuntu 19.04 (Disco Dingo):not-affected (4.15.0-1021.24)
Package
Upstream:not-affected (ARM is not affected)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (ARM is not affected)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (ARM is not affected)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (ARM is not affected)
Ubuntu 19.04 (Disco Dingo):not-affected (ARM is not affected)
Package
Upstream:not-affected (ARM is not affected)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (ARM is not affected)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
linux-vegetahd:not-affected (ARM is not affected)
More Information

Updated: 2018-12-10 20:15:04 UTC (commit 3778576e82a9159cbf405de6282e964e3d62fffa)