1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-3541-2

[USN-3541-2] Linux kernel (HWE) vulnerabilities

Severity Critical
Affected Packages 9
CVEs 3
Info Packages Vulnerabilities

Several security issues were addressed in the Linux kernel.

USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu
17.10. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu
16.04 LTS.

Jann Horn discovered that microprocessors utilizing speculative
execution and branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Spectre. A
local attacker could use this to expose sensitive information,
including kernel memory. This update provides mitigations for the
i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.
(CVE-2017-5715, CVE-2017-5753)

USN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64
architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu
17.10 for Ubuntu 16.04 LTS. This update provides the corresponding
mitigations for the ppc64el architecture. Original advisory details:

Jann Horn discovered that microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized memory
reads via sidechannel attacks. This flaw is known as Meltdown. A local
attacker could use this to expose sensitive information, including
kernel memory. (CVE-2017-5754)

Package Affected Version
pkg:deb/ubuntu/linux-image-extra-4.13.0-31-generic?distro=xenial < 4.13.0-31.34~16.04.1
pkg:deb/ubuntu/linux-image-extra-4.13.0-1007-gcp?distro=xenial < 4.13.0-1007.10
pkg:deb/ubuntu/linux-image-extra-4.13.0-1006-azure?distro=xenial < 4.13.0-1006.8
pkg:deb/ubuntu/linux-image-4.13.0-31-lowlatency?distro=xenial < 4.13.0-31.34~16.04.1
pkg:deb/ubuntu/linux-image-4.13.0-31-generic?distro=xenial < 4.13.0-31.34~16.04.1
pkg:deb/ubuntu/linux-image-4.13.0-31-generic-lpae?distro=xenial < 4.13.0-31.34~16.04.1
pkg:deb/ubuntu/linux-image-4.13.0-1017-oem?distro=xenial < 4.13.0-1017.18
pkg:deb/ubuntu/linux-image-4.13.0-1007-gcp?distro=xenial < 4.13.0-1007.10
pkg:deb/ubuntu/linux-image-4.13.0-1006-azure?distro=xenial < 4.13.0-1006.8
ID
USN-3541-2
Severity
critical
URL
https://ubuntu.com/security/notices/USN-3541-2
Published
2018-01-23T01:18:04
(6 years ago)
Modified
2018-01-23T01:18:04
(6 years ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/linux-image-extra-4.13.0-31-generic?distro=xenial ubuntu linux-image-extra-4.13.0-31-generic < 4.13.0-31.34~16.04.1 xenial
Affected pkg:deb/ubuntu/linux-image-extra-4.13.0-1007-gcp?distro=xenial ubuntu linux-image-extra-4.13.0-1007-gcp < 4.13.0-1007.10 xenial
Affected pkg:deb/ubuntu/linux-image-extra-4.13.0-1006-azure?distro=xenial ubuntu linux-image-extra-4.13.0-1006-azure < 4.13.0-1006.8 xenial
Affected pkg:deb/ubuntu/linux-image-4.13.0-31-lowlatency?distro=xenial ubuntu linux-image-4.13.0-31-lowlatency < 4.13.0-31.34~16.04.1 xenial
Affected pkg:deb/ubuntu/linux-image-4.13.0-31-generic?distro=xenial ubuntu linux-image-4.13.0-31-generic < 4.13.0-31.34~16.04.1 xenial
Affected pkg:deb/ubuntu/linux-image-4.13.0-31-generic-lpae?distro=xenial ubuntu linux-image-4.13.0-31-generic-lpae < 4.13.0-31.34~16.04.1 xenial
Affected pkg:deb/ubuntu/linux-image-4.13.0-1017-oem?distro=xenial ubuntu linux-image-4.13.0-1017-oem < 4.13.0-1017.18 xenial
Affected pkg:deb/ubuntu/linux-image-4.13.0-1007-gcp?distro=xenial ubuntu linux-image-4.13.0-1007-gcp < 4.13.0-1007.10 xenial
Affected pkg:deb/ubuntu/linux-image-4.13.0-1006-azure?distro=xenial ubuntu linux-image-4.13.0-1006-azure < 4.13.0-1006.8 xenial
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date