=========================================================================Kernel Live Patch Security Notice 0059-1
November 12, 2019

linux vulnerability
=========================================================================
A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | aws              |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | oem              |
| Ubuntu 18.04 LTS | 5.0.0        | amd64    | azure            |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | aws              |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.15.0       | amd64    | azure            |
| Ubuntu 16.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.15.0       | amd64    | lowlatency       |

Summary:

On November 12, fixes for several high-severity Intel processor CVEs were 
released into the Ubuntu kernel, accompanied by a related processor microcode
update. Due to the high complexity of the fixes and the required microcode 
update, we are unable to livepatch this set of CVEs. Please plan to reboot 
into an updated kernel as soon as possible.

The details of these CVEs follows:

CVE-2018-12207

  On an Ubuntu KVM host configured to use huge pages, a malicious KVM guest
  can cause a host machine check exception (MCE) capable of bringing down
  the host OS.

CVE-2019-0154

  On Intel processors containing an i915 graphics processing unit, it is
  possible from userspace to cause a GPU hang in certain low-power states by
  reading a specific memory-mapped IO register.
  
CVE-2019-0155

  On Intel processors containing an i915 graphics processing unit, it is
  possible to use the GPU's blitter command streamer to write to
  memory-mapped IO locations, which could be used for privilege escalation
  or to leak kernel memory.

CVE-2019-11135

  On Intel processors with support for Transactional Synchronization 
  Extensions (TSX), it is possible to exploit a transactional asynchronous
  abort (TAA) to perform a side-channel attack and leak kernel memory.

Further details on the vulnerabilities and our response can be found here:
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915

Again, due to the high complexity of the fixes and the required microcode 
update, we are unable to livepatch this set of CVEs. Please plan to reboot 
into an updated kernel as soon as possible.

Software Description:
- linux: Linux kernel

Update instructions:

The problem can be corrected by installing an updated kernel with these
fixes and rebooting.

| Series           | Version               | Flavors                  |
|------------------+-----------------------+--------------------------|
| Ubuntu 18.04 LTS | 4.15.0-1054.55        | aws                      |
| Ubuntu 16.04 LTS | 4.4.0-1098.102        | aws                      |
| Ubuntu 18.04 LTS | 5.0.0-1025.27~18.04.1 | azure                    |
| Ubuntu 16.04 LTS | 4.15.0-1063.66        | azure                    |
| Ubuntu 18.04 LTS | 4.15.0-69.78          | generic lowlatency       |
| Ubuntu 16.04 LTS | 4.15.0-69.78~16.04.1  | generic lowlatency       |
| Ubuntu 14.04 LTS | 4.4.0-168.197~14.04.1 | generic lowlatency       |
| Ubuntu 18.04 LTS | 4.15.0-1063.72        | oem                      |
| Ubuntu 16.04 LTS | 4.4.0-168.197         | generic lowlatency       |

Support Information:

Kernels older than the levels listed above will no longer receive livepatch
updates.

References:
CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135


-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Ubuntu 0059-1: Linux kernel vulnerability

November 12, 2019
On November 12, fixes for several high-severity Intel processor CVEs were released into the Ubuntu kernel, accompanied by a related processor microcode update

Summary

Update Instructions

The problem can be corrected by installing an updated kernel with these fixes and rebooting. | Series | Version | Flavors | |------------------+-----------------------+--------------------------| | Ubuntu 18.04 LTS | 4.15.0-1054.55 | aws | | Ubuntu 16.04 LTS | 4.4.0-1098.102 | aws | | Ubuntu 18.04 LTS | 5.0.0-1025.27~18.04.1 | azure | | Ubuntu 16.04 LTS | 4.15.0-1063.66 | azure | | Ubuntu 18.04 LTS | 4.15.0-69.78 | generic lowlatency | | Ubuntu 16.04 LTS | 4.15.0-69.78~16.04.1 | generic lowlatency | | Ubuntu 14.04 LTS | 4.4.0-168.197~14.04.1 | generic lowlatency | | Ubuntu 18.04 LTS | 4.15.0-1063.72 | oem | | Ubuntu 16.04 LTS | 4.4.0-168.197 | generic lowlatency | Support Information: Kernels older than the levels listed above will no longer receive livepatch updates.

References

CVE-2018-12207, CVE-2019-0154, CVE-2019-0155, CVE-2019-11135

--

ubuntu-security-announce mailing list

ubuntu-security-announce@lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Severity
November 12, 2019

Package Information

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved