1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-4303-2

[USN-4303-2] Linux kernel (HWE) vulnerability

Severity Medium
Affected Packages 17
CVEs 1
Info Packages Vulnerabilities

The system could be made to expose sensitive information.

USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 ESM.

Paulo Bonzini discovered that the KVM hypervisor implementation in the
Linux kernel could improperly let a nested (level 2) guest access the
resources of a parent (level 1) guest in certain situations. An attacker
could use this to expose sensitive information.

Package Affected Version
pkg:deb/ubuntu/linux-image-virtual-lts-xenial?distro=trusty < 4.4.0.176.155
pkg:deb/ubuntu/linux-image-powerpc64-smp-lts-xenial?distro=trusty < 4.4.0.176.155
pkg:deb/ubuntu/linux-image-powerpc64-emb-lts-xenial?distro=trusty < 4.4.0.176.155
pkg:deb/ubuntu/linux-image-powerpc-smp-lts-xenial?distro=trusty < 4.4.0.176.155
pkg:deb/ubuntu/linux-image-powerpc-e500mc-lts-xenial?distro=trusty < 4.4.0.176.155
pkg:deb/ubuntu/linux-image-lowlatency-lts-xenial?distro=trusty < 4.4.0.176.155
pkg:deb/ubuntu/linux-image-generic-lts-xenial?distro=trusty < 4.4.0.176.155
pkg:deb/ubuntu/linux-image-generic-lpae-lts-xenial?distro=trusty < 4.4.0.176.155
pkg:deb/ubuntu/linux-image-aws?distro=trusty < 4.4.0.1064.65
pkg:deb/ubuntu/linux-image-4.4.0-176-powerpc64-smp?distro=trusty < 4.4.0-176.206~14.04.1
pkg:deb/ubuntu/linux-image-4.4.0-176-powerpc64-emb?distro=trusty < 4.4.0-176.206~14.04.1
pkg:deb/ubuntu/linux-image-4.4.0-176-powerpc-smp?distro=trusty < 4.4.0-176.206~14.04.1
pkg:deb/ubuntu/linux-image-4.4.0-176-powerpc-e500mc?distro=trusty < 4.4.0-176.206~14.04.1
pkg:deb/ubuntu/linux-image-4.4.0-176-lowlatency?distro=trusty < 4.4.0-176.206~14.04.1
pkg:deb/ubuntu/linux-image-4.4.0-176-generic?distro=trusty < 4.4.0-176.206~14.04.1
pkg:deb/ubuntu/linux-image-4.4.0-176-generic-lpae?distro=trusty < 4.4.0-176.206~14.04.1
pkg:deb/ubuntu/linux-image-4.4.0-1064-aws?distro=trusty < 4.4.0-1064.68
ID
USN-4303-2
Severity
medium
URL
https://ubuntu.com/security/notices/USN-4303-2
Published
2020-03-17T01:41:31
(4 years ago)
Modified
2020-03-17T01:41:31
(4 years ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/linux-image-virtual-lts-xenial?distro=trusty ubuntu linux-image-virtual-lts-xenial < 4.4.0.176.155 trusty
Affected pkg:deb/ubuntu/linux-image-powerpc64-smp-lts-xenial?distro=trusty ubuntu linux-image-powerpc64-smp-lts-xenial < 4.4.0.176.155 trusty
Affected pkg:deb/ubuntu/linux-image-powerpc64-emb-lts-xenial?distro=trusty ubuntu linux-image-powerpc64-emb-lts-xenial < 4.4.0.176.155 trusty
Affected pkg:deb/ubuntu/linux-image-powerpc-smp-lts-xenial?distro=trusty ubuntu linux-image-powerpc-smp-lts-xenial < 4.4.0.176.155 trusty
Affected pkg:deb/ubuntu/linux-image-powerpc-e500mc-lts-xenial?distro=trusty ubuntu linux-image-powerpc-e500mc-lts-xenial < 4.4.0.176.155 trusty
Affected pkg:deb/ubuntu/linux-image-lowlatency-lts-xenial?distro=trusty ubuntu linux-image-lowlatency-lts-xenial < 4.4.0.176.155 trusty
Affected pkg:deb/ubuntu/linux-image-generic-lts-xenial?distro=trusty ubuntu linux-image-generic-lts-xenial < 4.4.0.176.155 trusty
Affected pkg:deb/ubuntu/linux-image-generic-lpae-lts-xenial?distro=trusty ubuntu linux-image-generic-lpae-lts-xenial < 4.4.0.176.155 trusty
Affected pkg:deb/ubuntu/linux-image-aws?distro=trusty ubuntu linux-image-aws < 4.4.0.1064.65 trusty
Affected pkg:deb/ubuntu/linux-image-4.4.0-176-powerpc64-smp?distro=trusty ubuntu linux-image-4.4.0-176-powerpc64-smp < 4.4.0-176.206~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-image-4.4.0-176-powerpc64-emb?distro=trusty ubuntu linux-image-4.4.0-176-powerpc64-emb < 4.4.0-176.206~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-image-4.4.0-176-powerpc-smp?distro=trusty ubuntu linux-image-4.4.0-176-powerpc-smp < 4.4.0-176.206~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-image-4.4.0-176-powerpc-e500mc?distro=trusty ubuntu linux-image-4.4.0-176-powerpc-e500mc < 4.4.0-176.206~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-image-4.4.0-176-lowlatency?distro=trusty ubuntu linux-image-4.4.0-176-lowlatency < 4.4.0-176.206~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-image-4.4.0-176-generic?distro=trusty ubuntu linux-image-4.4.0-176-generic < 4.4.0-176.206~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-image-4.4.0-176-generic-lpae?distro=trusty ubuntu linux-image-4.4.0-176-generic-lpae < 4.4.0-176.206~14.04.1 trusty
Affected pkg:deb/ubuntu/linux-image-4.4.0-1064-aws?distro=trusty ubuntu linux-image-4.4.0-1064-aws < 4.4.0-1064.68 trusty
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date