[USN-3540-1] Linux kernel vulnerabilities
Several security issues were addressed in the Linux kernel.
Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Spectre. A
local attacker could use this to expose sensitive information,
including kernel memory. This update provides mitigations for the
i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.
(CVE-2017-5715, CVE-2017-5753)
USN-3522-1 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in Ubuntu 16.04 LTS. This update provides the
corresponding mitigations for the ppc64el architecture. Original
advisory details:
Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/linux-image-extra-4.4.0-9023-euclid?distro=xenial | < 4.4.0-9023.24 |
pkg:deb/ubuntu/linux-image-extra-4.4.0-112-generic?distro=xenial | < 4.4.0-112.135 |
pkg:deb/ubuntu/linux-image-4.4.0-9023-euclid?distro=xenial | < 4.4.0-9023.24 |
pkg:deb/ubuntu/linux-image-4.4.0-112-powerpc64-smp?distro=xenial | < 4.4.0-112.135 |
pkg:deb/ubuntu/linux-image-4.4.0-112-powerpc64-emb?distro=xenial | < 4.4.0-112.135 |
pkg:deb/ubuntu/linux-image-4.4.0-112-powerpc-smp?distro=xenial | < 4.4.0-112.135 |
pkg:deb/ubuntu/linux-image-4.4.0-112-powerpc-e500mc?distro=xenial | < 4.4.0-112.135 |
pkg:deb/ubuntu/linux-image-4.4.0-112-lowlatency?distro=xenial | < 4.4.0-112.135 |
pkg:deb/ubuntu/linux-image-4.4.0-112-generic?distro=xenial | < 4.4.0-112.135 |
pkg:deb/ubuntu/linux-image-4.4.0-112-generic-lpae?distro=xenial | < 4.4.0-112.135 |
pkg:deb/ubuntu/linux-image-4.4.0-1049-aws?distro=xenial | < 4.4.0-1049.58 |
- ID
- USN-3540-1
- Severity
- critical
- URL
- https://ubuntu.com/security/notices/USN-3540-1
- Published
-
2018-01-23T00:26:16
(6 years ago) - Modified
-
2018-01-23T00:26:16
(6 years ago) - Other Advisories
-
- ALAS-2018-939
- ALAS-2018-942
- ALAS-2018-956
- ALAS2-2018-939
- ALAS2-2018-942
- ALAS2-2018-952
- ALAS2-2018-953
- ALAS2-2018-956
- ALAS2-2018-962
- ALPINE:CVE-2017-5715
- ALPINE:CVE-2017-5753
- ALPINE:CVE-2017-5754
- ASA-201801-1
- ASA-201801-10
- ASA-201801-3
- ASA-201801-4
- ASA-201801-6
- CISCO-SA-20180104-CPUSIDECHANNEL
- DSA-4078-1
- DSA-4082-1
- DSA-4120-1
- DSA-4187-1
- DSA-4188-1
- DSA-4201-1
- DSA-4213-1
- ELSA-2018-0007
- ELSA-2018-0008
- ELSA-2018-0012
- ELSA-2018-0013
- ELSA-2018-0023
- ELSA-2018-0024
- ELSA-2018-0029
- ELSA-2018-0030
- ELSA-2018-0292
- ELSA-2018-1196
- ELSA-2018-4004
- ELSA-2018-4006
- ELSA-2018-4020
- ELSA-2018-4022
- ELSA-2018-4025
- ELSA-2018-4285
- ELSA-2018-4289
- ELSA-2019-4585
- ELSA-2019-4668
- ELSA-2019-4710
- ELSA-2019-4785
- FEDORA-2018-0590e4af13
- FEDORA-2018-2b053454a4
- FEDORA-2018-690989736a
- FEDORA-2018-6c1be5e1c8
- FEDORA-2018-9f02e5ed7b
- FREEBSD:1CE95BC7-3278-11E8-B527-00012E582166
- FREEBSD:74DAA370-2797-11E8-95EC-A4BADB2F4699
- FREEBSD:FBE10A8A-05A1-11EA-9DFA-F8B156AC3FF9
- GLSA-201804-08
- GLSA-201810-06
- openSUSE-SU-2021:1212-1
- openSUSE-SU-2021:2861-1
- RHBA-2018:0042
- RHSA-2018:0016
- RHSA-2018:0023
- RHSA-2018:0151
- RHSA-2018:0512
- RHSA-2018:1062
- RHSA-2018:1319
- SSA:2018-016-01
- SSA:2018-037-01
- SSA:2018-057-01
- SUSE-SU-2018:0007-1
- SUSE-SU-2018:0008-1
- SUSE-SU-2018:0010-1
- SUSE-SU-2018:0011-1
- SUSE-SU-2018:0012-1
- SUSE-SU-2018:0019-1
- SUSE-SU-2018:0020-1
- SUSE-SU-2018:0031-1
- SUSE-SU-2018:0036-1
- SUSE-SU-2018:0039-1
- SUSE-SU-2018:0040-1
- SUSE-SU-2018:0041-1
- SUSE-SU-2018:0051-1
- SUSE-SU-2018:0056-1
- SUSE-SU-2018:0068-1
- SUSE-SU-2018:0069-1
- SUSE-SU-2018:0113-1
- SUSE-SU-2018:0114-1
- SUSE-SU-2018:0115-1
- SUSE-SU-2018:0131-1
- SUSE-SU-2018:0171-1
- SUSE-SU-2018:0180-1
- SUSE-SU-2018:0213-1
- SUSE-SU-2018:0219-1
- SUSE-SU-2018:0285-1
- SUSE-SU-2018:0383-1
- SUSE-SU-2018:0416-1
- SUSE-SU-2018:0437-1
- SUSE-SU-2018:0438-1
- SUSE-SU-2018:0472-1
- SUSE-SU-2018:0482-1
- SUSE-SU-2018:0525-1
- SUSE-SU-2018:0552-1
- SUSE-SU-2018:0552-2
- SUSE-SU-2018:0555-1
- SUSE-SU-2018:0601-1
- SUSE-SU-2018:0609-1
- SUSE-SU-2018:0638-1
- SUSE-SU-2018:0660-1
- SUSE-SU-2018:0678-1
- SUSE-SU-2018:0705-1
- SUSE-SU-2018:0708-1
- SUSE-SU-2018:0757-1
- SUSE-SU-2018:0762-1
- SUSE-SU-2018:0831-1
- SUSE-SU-2018:0838-1
- SUSE-SU-2018:0841-1
- SUSE-SU-2018:0861-1
- SUSE-SU-2018:0909-1
- SUSE-SU-2018:0920-1
- SUSE-SU-2018:0986-1
- SUSE-SU-2018:1077-1
- SUSE-SU-2018:1080-1
- SUSE-SU-2018:1295-1
- SUSE-SU-2018:1308-1
- SUSE-SU-2018:1363-1
- SUSE-SU-2018:1368-1
- SUSE-SU-2018:1376-1
- SUSE-SU-2018:1386-1
- SUSE-SU-2018:1465-1
- SUSE-SU-2018:1486-1
- SUSE-SU-2018:1498-1
- SUSE-SU-2018:1503-1
- SUSE-SU-2018:1567-1
- SUSE-SU-2018:1570-1
- SUSE-SU-2018:1571-1
- SUSE-SU-2018:1571-2
- SUSE-SU-2018:1603-1
- SUSE-SU-2018:1658-1
- SUSE-SU-2018:1699-1
- SUSE-SU-2018:1699-2
- SUSE-SU-2018:1759-1
- SUSE-SU-2018:1784-1
- SUSE-SU-2018:1822-1
- SUSE-SU-2018:2082-1
- SUSE-SU-2018:2092-1
- SUSE-SU-2018:2141-1
- SUSE-SU-2018:2150-1
- SUSE-SU-2018:2189-1
- SUSE-SU-2018:2222-1
- SUSE-SU-2018:2528-1
- SUSE-SU-2018:2631-1
- SUSE-SU-2018:2631-2
- SUSE-SU-2018:3230-1
- SUSE-SU-2019:0222-1
- SUSE-SU-2019:0765-1
- SUSE-SU-2019:1550-1
- SUSE-SU-2019:2430-1
- SUSE-SU-2021:2861-1
- SUSE-SU-2021:2862-1
- SUSE-SU-2021:3929-1
- SUSE-SU-2023:0634-1
- SUSE-SU-2023:1800-1
- SUSE-SU-2023:1801-1
- SUSE-SU-2023:1802-1
- SUSE-SU-2023:1803-1
- SUSE-SU-2023:1811-1
- SUSE-SU-2023:1848-1
- SUSE-SU-2023:1892-1
- SUSE-SU-2023:1894-1
- SUSE-SU-2023:1897-1
- SUSE-SU-2023:1992-1
- SUSE-SU-2023:2232-1
- SUSE-SU-2023:2506-1
- SUSE-SU-2023:2805-1
- USN-3516-1
- USN-3521-1
- USN-3522-1
- USN-3522-2
- USN-3523-1
- USN-3523-2
- USN-3524-1
- USN-3524-2
- USN-3525-1
- USN-3530-1
- USN-3531-1
- USN-3531-3
- USN-3540-2
- USN-3541-1
- USN-3541-2
- USN-3542-1
- USN-3542-2
- USN-3549-1
- USN-3560-1
- USN-3561-1
- USN-3580-1
- USN-3581-1
- USN-3581-2
- USN-3582-1
- USN-3582-2
- USN-3583-1
- USN-3594-1
- USN-3597-1
- USN-3597-2
- USN-3620-2
- USN-3690-1
- USN-3777-3
- VU:584653
- XSA-254
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/linux-image-extra-4.4.0-9023-euclid?distro=xenial | ubuntu | linux-image-extra-4.4.0-9023-euclid | < 4.4.0-9023.24 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-extra-4.4.0-112-generic?distro=xenial | ubuntu | linux-image-extra-4.4.0-112-generic | < 4.4.0-112.135 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-9023-euclid?distro=xenial | ubuntu | linux-image-4.4.0-9023-euclid | < 4.4.0-9023.24 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-112-powerpc64-smp?distro=xenial | ubuntu | linux-image-4.4.0-112-powerpc64-smp | < 4.4.0-112.135 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-112-powerpc64-emb?distro=xenial | ubuntu | linux-image-4.4.0-112-powerpc64-emb | < 4.4.0-112.135 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-112-powerpc-smp?distro=xenial | ubuntu | linux-image-4.4.0-112-powerpc-smp | < 4.4.0-112.135 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-112-powerpc-e500mc?distro=xenial | ubuntu | linux-image-4.4.0-112-powerpc-e500mc | < 4.4.0-112.135 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-112-lowlatency?distro=xenial | ubuntu | linux-image-4.4.0-112-lowlatency | < 4.4.0-112.135 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-112-generic?distro=xenial | ubuntu | linux-image-4.4.0-112-generic | < 4.4.0-112.135 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-112-generic-lpae?distro=xenial | ubuntu | linux-image-4.4.0-112-generic-lpae | < 4.4.0-112.135 | xenial | ||
Affected | pkg:deb/ubuntu/linux-image-4.4.0-1049-aws?distro=xenial | ubuntu | linux-image-4.4.0-1049-aws | < 4.4.0-1049.58 | xenial |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |