Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.1710.2
Linux kernel vulnerabilities
15 May 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: linux kernel
Publisher: Ubuntu
Operating System: Ubuntu
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Access Privileged Data -- Existing Account
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-11683 CVE-2019-11091 CVE-2019-9503
CVE-2019-9500 CVE-2019-3887 CVE-2019-3882
CVE-2019-3874 CVE-2019-1999 CVE-2018-16884
CVE-2018-12130 CVE-2018-12127 CVE-2018-12126
Reference: ASB-2019.0138
ESB-2019.1705
ESB-2019.1126
ESB-2019.0675
Original Bulletin:
https://usn.ubuntu.com/3979-1/
https://usn.ubuntu.com/3980-1/
https://usn.ubuntu.com/3980-2/
https://usn.ubuntu.com/3981-1/
https://usn.ubuntu.com/3981-2/
https://usn.ubuntu.com/3982-1/
https://usn.ubuntu.com/3982-2/
https://usn.ubuntu.com/3983-1/
https://usn.ubuntu.com/3983-2/
https://usn.ubuntu.com/3984-1/
Comment: This bulletin contains ten (10) Ubuntu security advisories.
Revision History: May 15 2019: Added USN-3981-2, USN-3983-2, USN-3984-1
May 15 2019: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
USN-3979-1: Linux kernel vulnerabilities
14 May 2019
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
o Ubuntu 19.04
Summary
Several security issues were fixed in the Linux kernel.
Software Description
o linux - Linux kernel
o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
o linux-azure - Linux kernel for Microsoft Azure Cloud systems
o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
o linux-kvm - Linux kernel for cloud environments
o linux-raspi2 - Linux kernel for Raspberry Pi 2
Details
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan
Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa
Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,
Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered
that memory previously stored in microarchitectural fill buffers of an Intel
CPU core may be exposed to a malicious process that is executing on the same
CPU core. A local attacker could use this to expose sensitive information.
(CVE-2018-12130)
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van
Schaik, Alyssa Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi,
Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored
in microarchitectural load ports of an Intel CPU core may be exposed to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2018-12127)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel
Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel
Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory
previously stored in microarchitectural store buffers of an Intel CPU core may
be exposed to a malicious process that is executing on the same CPU core. A
local attacker could use this to expose sensitive information. (CVE-2018-12126)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz
Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn,
Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano
Giuffrida discovered that uncacheable memory previously stored in
microarchitectural buffers of an Intel CPU core may be exposed to a malicious
process that is executing on the same CPU core. A local attacker could use this
to expose sensitive information. (CVE-2019-11091)
It was discovered that the IPv4 generic receive offload (GRO) for UDP
implementation in the Linux kernel did not properly handle padded packets. A
remote attacker could use this to cause a denial of service (system crash).
(CVE-2019-11683)
It was discovered that a race condition existed in the Binder IPC driver for
the Linux kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-1999)
Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups
subsystem of the Linux kernel did not properly account for SCTP socket buffers.
A local attacker could use this to cause a denial of service (system crash).
(CVE-2019-3874)
Alex Williamson discovered that the vfio subsystem of the Linux kernel did not
properly limit DMA mappings. A local attacker could use this to cause a denial
of service (memory exhaustion). (CVE-2019-3882)
Marc Orr discovered that the KVM hypervisor implementation in the Linux kernel
did not properly restrict APIC MSR register values when nested virtualization
is used. An attacker in a guest vm could use this to cause a denial of service
(host OS crash). (CVE-2019-3887)
Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel
contained a head puffer overflow. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-9500)
Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel
did not properly prevent remote firmware events from being processed for USB
Wifi devices. A physically proximate attacker could use this to send firmware
events to the device. (CVE-2019-9503)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 19.04
linux-image-5.0.0-1006-aws - 5.0.0-1006.6
linux-image-5.0.0-1006-azure - 5.0.0-1006.6
linux-image-5.0.0-1006-gcp - 5.0.0-1006.6
linux-image-5.0.0-1006-kvm - 5.0.0-1006.6
linux-image-5.0.0-1008-raspi2 - 5.0.0-1008.8
linux-image-5.0.0-15-generic - 5.0.0-15.16
linux-image-5.0.0-15-generic-lpae - 5.0.0-15.16
linux-image-5.0.0-15-lowlatency - 5.0.0-15.16
linux-image-aws - 5.0.0.1006.6
linux-image-azure - 5.0.0.1006.6
linux-image-gcp - 5.0.0.1006.6
linux-image-generic - 5.0.0.15.16
linux-image-generic-lpae - 5.0.0.15.16
linux-image-gke - 5.0.0.1006.6
linux-image-kvm - 5.0.0.1006.6
linux-image-lowlatency - 5.0.0.15.16
linux-image-raspi2 - 5.0.0.1008.5
linux-image-virtual - 5.0.0.15.16
To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .
After a standard system update you need to reboot your computer to make all the
necessary changes.
Please note that fully mitigating the Microarchitectural Data Sampling (MDS)
issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
requires corresponding processor microcode/firmware updates or, in virtual
environments, hypervisor updates.
References
o CVE-2018-12126
o CVE-2018-12127
o CVE-2018-12130
o CVE-2019-11091
o CVE-2019-11683
o CVE-2019-1999
o CVE-2019-3874
o CVE-2019-3882
o CVE-2019-3887
o CVE-2019-9500
o CVE-2019-9503
o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
- ----------------------------------------------------------------------------
USN-3980-1: Linux kernel vulnerabilities
14 May 2019
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
o Ubuntu 18.10
Summary
Several security issues were fixed in the Linux kernel.
Software Description
o linux - Linux kernel
o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
o linux-azure - Linux kernel for Microsoft Azure Cloud systems
o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
o linux-kvm - Linux kernel for cloud environments
o linux-raspi2 - Linux kernel for Raspberry Pi 2
Details
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan
Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa
Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,
Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered
that memory previously stored in microarchitectural fill buffers of an Intel
CPU core may be exposed to a malicious process that is executing on the same
CPU core. A local attacker could use this to expose sensitive information.
(CVE-2018-12130)
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van
Schaik, Alyssa Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi,
Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored
in microarchitectural load ports of an Intel CPU core may be exposed to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2018-12127)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel
Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel
Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory
previously stored in microarchitectural store buffers of an Intel CPU core may
be exposed to a malicious process that is executing on the same CPU core. A
local attacker could use this to expose sensitive information. (CVE-2018-12126)
Vasily Averin and Evgenii Shatokhin discovered that a use-after-free
vulnerability existed in the NFS41+ subsystem when multiple network namespaces
are in use. A local attacker in a container could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2018-16884)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz
Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn,
Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano
Giuffrida discovered that uncacheable memory previously stored in
microarchitectural buffers of an Intel CPU core may be exposed to a malicious
process that is executing on the same CPU core. A local attacker could use this
to expose sensitive information. (CVE-2019-11091)
Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups
subsystem of the Linux kernel did not properly account for SCTP socket buffers.
A local attacker could use this to cause a denial of service (system crash).
(CVE-2019-3874)
Alex Williamson discovered that the vfio subsystem of the Linux kernel did not
properly limit DMA mappings. A local attacker could use this to cause a denial
of service (memory exhaustion). (CVE-2019-3882)
Marc Orr discovered that the KVM hypervisor implementation in the Linux kernel
did not properly restrict APIC MSR register values when nested virtualization
is used. An attacker in a guest vm could use this to cause a denial of service
(host OS crash). (CVE-2019-3887)
Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel
contained a head puffer overflow. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-9500)
Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel
did not properly prevent remote firmware events from being processed for USB
Wifi devices. A physically proximate attacker could use this to send firmware
events to the device. (CVE-2019-9503)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 18.10
linux-image-4.18.0-1011-gcp - 4.18.0-1011.12
linux-image-4.18.0-1012-kvm - 4.18.0-1012.12
linux-image-4.18.0-1014-raspi2 - 4.18.0-1014.16
linux-image-4.18.0-1016-aws - 4.18.0-1016.18
linux-image-4.18.0-1018-azure - 4.18.0-1018.18
linux-image-4.18.0-20-generic - 4.18.0-20.21
linux-image-4.18.0-20-generic-lpae - 4.18.0-20.21
linux-image-4.18.0-20-lowlatency - 4.18.0-20.21
linux-image-4.18.0-20-snapdragon - 4.18.0-20.21
linux-image-aws - 4.18.0.1016.16
linux-image-azure - 4.18.0.1018.19
linux-image-gcp - 4.18.0.1011.11
linux-image-generic - 4.18.0.20.21
linux-image-generic-lpae - 4.18.0.20.21
linux-image-gke - 4.18.0.1011.11
linux-image-kvm - 4.18.0.1012.12
linux-image-lowlatency - 4.18.0.20.21
linux-image-powerpc-e500mc - 4.18.0.20.21
linux-image-powerpc-smp - 4.18.0.20.21
linux-image-powerpc64-emb - 4.18.0.20.21
linux-image-powerpc64-smp - 4.18.0.20.21
linux-image-raspi2 - 4.18.0.1014.11
linux-image-snapdragon - 4.18.0.20.21
linux-image-virtual - 4.18.0.20.21
To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .
After a standard system update you need to reboot your computer to make all the
necessary changes.
Please note that fully mitigating the Microarchitectural Data Sampling (MDS)
issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
requires corresponding processor microcode/firmware updates or, in virtual
environments, hypervisor updates.
References
o CVE-2018-12126
o CVE-2018-12127
o CVE-2018-12130
o CVE-2018-16884
o CVE-2019-11091
o CVE-2019-3874
o CVE-2019-3882
o CVE-2019-3887
o CVE-2019-9500
o CVE-2019-9503
o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
- ----------------------------------------------------------------------------
USN-3980-2: Linux kernel (HWE) vulnerabilities
14 May 2019
linux-hwe, linux-azure vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
o Ubuntu 18.04 LTS
Summary
Several security issues were fixed in the Linux kernel.
Software Description
o linux-azure - Linux kernel for Microsoft Azure Cloud systems
o linux-hwe - Linux hardware enablement (HWE) kernel
Details
USN-3980-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This
update provides the corresponding updates for the Linux Hardware Enablement
(HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan
Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa
Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,
Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered
that memory previously stored in microarchitectural fill buffers of an Intel
CPU core may be exposed to a malicious process that is executing on the same
CPU core. A local attacker could use this to expose sensitive information.
(CVE-2018-12130)
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van
Schaik, Alyssa Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi,
Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored
in microarchitectural load ports of an Intel CPU core may be exposed to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2018-12127)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel
Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel
Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory
previously stored in microarchitectural store buffers of an Intel CPU core may
be exposed to a malicious process that is executing on the same CPU core. A
local attacker could use this to expose sensitive information. (CVE-2018-12126)
Vasily Averin and Evgenii Shatokhin discovered that a use-after-free
vulnerability existed in the NFS41+ subsystem when multiple network namespaces
are in use. A local attacker in a container could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2018-16884)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz
Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn,
Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano
Giuffrida discovered that uncacheable memory previously stored in
microarchitectural buffers of an Intel CPU core may be exposed to a malicious
process that is executing on the same CPU core. A local attacker could use this
to expose sensitive information. (CVE-2019-11091)
Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups
subsystem of the Linux kernel did not properly account for SCTP socket buffers.
A local attacker could use this to cause a denial of service (system crash).
(CVE-2019-3874)
Alex Williamson discovered that the vfio subsystem of the Linux kernel did not
properly limit DMA mappings. A local attacker could use this to cause a denial
of service (memory exhaustion). (CVE-2019-3882)
Marc Orr discovered that the KVM hypervisor implementation in the Linux kernel
did not properly restrict APIC MSR register values when nested virtualization
is used. An attacker in a guest vm could use this to cause a denial of service
(host OS crash). (CVE-2019-3887)
Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel
contained a heap buffer overflow. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-9500)
Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel
did not properly prevent remote firmware events from being processed for USB
Wifi devices. A physically proximate attacker could use this to send firmware
events to the device. (CVE-2019-9503)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 18.04 LTS
linux-image-4.18.0-1018-azure - 4.18.0-1018.18~18.04.1
linux-image-4.18.0-20-generic - 4.18.0-20.21~18.04.1
linux-image-4.18.0-20-generic-lpae - 4.18.0-20.21~18.04.1
linux-image-4.18.0-20-lowlatency - 4.18.0-20.21~18.04.1
linux-image-4.18.0-20-snapdragon - 4.18.0-20.21~18.04.1
linux-image-azure - 4.18.0.1018.17
linux-image-generic-hwe-18.04 - 4.18.0.20.70
linux-image-generic-lpae-hwe-18.04 - 4.18.0.20.70
linux-image-lowlatency-hwe-18.04 - 4.18.0.20.70
linux-image-snapdragon-hwe-18.04 - 4.18.0.20.70
linux-image-virtual-hwe-18.04 - 4.18.0.20.70
To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .
After a standard system update you need to reboot your computer to make all the
necessary changes.
Please note that fully mitigating the Microarchitectural Data Sampling (MDS)
issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
requires corresponding processor microcode/firmware updates or, in virtual
environments, hypervisor updates.
References
o USN-3980-1
o CVE-2018-12126
o CVE-2018-12127
o CVE-2018-12130
o CVE-2018-16884
o CVE-2019-11091
o CVE-2019-3874
o CVE-2019-3882
o CVE-2019-3887
o CVE-2019-9500
o CVE-2019-9503
o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
- ----------------------------------------------------------------------------
USN-3981-1: Linux kernel vulnerabilities
14 May 2019
linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
o Ubuntu 18.04 LTS
Summary
Several security issues were fixed in the Linux kernel.
Software Description
o linux - Linux kernel
o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
o linux-kvm - Linux kernel for cloud environments
o linux-oem - Linux kernel for OEM processors
o linux-oracle - Linux kernel for Oracle Cloud systems
o linux-raspi2 - Linux kernel for Raspberry Pi 2
o linux-snapdragon - Linux kernel for Snapdragon processors
Details
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan
Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa
Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,
Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered
that memory previously stored in microarchitectural fill buffers of an Intel
CPU core may be exposed to a malicious process that is executing on the same
CPU core. A local attacker could use this to expose sensitive information.
(CVE-2018-12130)
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van
Schaik, Alyssa Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi,
Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored
in microarchitectural load ports of an Intel CPU core may be exposed to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2018-12127)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel
Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel
Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory
previously stored in microarchitectural store buffers of an Intel CPU core may
be exposed to a malicious process that is executing on the same CPU core. A
local attacker could use this to expose sensitive information. (CVE-2018-12126)
Vasily Averin and Evgenii Shatokhin discovered that a use-after-free
vulnerability existed in the NFS41+ subsystem when multiple network namespaces
are in use. A local attacker in a container could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2018-16884)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz
Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn,
Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano
Giuffrida discovered that uncacheable memory previously stored in
microarchitectural buffers of an Intel CPU core may be exposed to a malicious
process that is executing on the same CPU core. A local attacker could use this
to expose sensitive information. (CVE-2019-11091)
Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups
subsystem of the Linux kernel did not properly account for SCTP socket buffers.
A local attacker could use this to cause a denial of service (system crash).
(CVE-2019-3874)
Alex Williamson discovered that the vfio subsystem of the Linux kernel did not
properly limit DMA mappings. A local attacker could use this to cause a denial
of service (memory exhaustion). (CVE-2019-3882)
Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel
contained a heap buffer overflow. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-9500)
Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel
did not properly prevent remote firmware events from being processed for USB
Wifi devices. A physically proximate attacker could use this to send firmware
events to the device. (CVE-2019-9503)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 18.04 LTS
linux-image-4.15.0-1013-oracle - 4.15.0-1013.15
linux-image-4.15.0-1032-gcp - 4.15.0-1032.34
linux-image-4.15.0-1034-kvm - 4.15.0-1034.34
linux-image-4.15.0-1036-raspi2 - 4.15.0-1036.38
linux-image-4.15.0-1038-oem - 4.15.0-1038.43
linux-image-4.15.0-1039-aws - 4.15.0-1039.41
linux-image-4.15.0-1053-snapdragon - 4.15.0-1053.57
linux-image-4.15.0-50-generic - 4.15.0-50.54
linux-image-4.15.0-50-generic-lpae - 4.15.0-50.54
linux-image-4.15.0-50-lowlatency - 4.15.0-50.54
linux-image-4.15.0-50-snapdragon - 4.15.0-50.54
linux-image-aws - 4.15.0.1039.38
linux-image-gcp - 4.15.0.1032.34
linux-image-generic - 4.15.0.50.52
linux-image-generic-lpae - 4.15.0.50.52
linux-image-kvm - 4.15.0.1034.34
linux-image-lowlatency - 4.15.0.50.52
linux-image-oem - 4.15.0.1038.43
linux-image-oracle - 4.15.0.1013.16
linux-image-powerpc-e500mc - 4.15.0.50.52
linux-image-powerpc-smp - 4.15.0.50.52
linux-image-powerpc64-emb - 4.15.0.50.52
linux-image-powerpc64-smp - 4.15.0.50.52
linux-image-raspi2 - 4.15.0.1036.34
linux-image-snapdragon - 4.15.0.1053.56
linux-image-virtual - 4.15.0.50.52
To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .
After a standard system update you need to reboot your computer to make all the
necessary changes.
Please note that fully mitigating the Microarchitectural Data Sampling (MDS)
issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
requires corresponding processor microcode/firmware updates or, in virtual
environments, hypervisor updates.
References
o CVE-2018-12126
o CVE-2018-12127
o CVE-2018-12130
o CVE-2018-16884
o CVE-2019-11091
o CVE-2019-3874
o CVE-2019-3882
o CVE-2019-9500
o CVE-2019-9503
o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
- ----------------------------------------------------------------------------
USN-3981-2: Linux kernel (HWE) vulnerabilities
15 May 2019
linux-hwe, linux-azure, linux-gcp, linux-oracle vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
o Ubuntu 16.04 LTS
o Ubuntu 14.04 ESM
Summary
Several security issues were fixed in the Linux kernel.
Software Description
o linux-azure - Linux kernel for Microsoft Azure Cloud systems
o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
o linux-hwe - Linux hardware enablement (HWE) kernel
o linux-oracle - Linux kernel for Oracle Cloud systems
Details
USN-3981-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This
update provides the corresponding updates for the Linux Hardware Enablement
(HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS and for the Linux Azure
kernel for Ubuntu 14.04 LTS.
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan
Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa
Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,
Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered
that memory previously stored in microarchitectural fill buffers of an Intel
CPU core may be exposed to a malicious process that is executing on the same
CPU core. A local attacker could use this to expose sensitive information.
(CVE-2018-12130)
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van
Schaik, Alyssa Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi,
Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored
in microarchitectural load ports of an Intel CPU core may be exposed to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2018-12127)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel
Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel
Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory
previously stored in microarchitectural store buffers of an Intel CPU core may
be exposed to a malicious process that is executing on the same CPU core. A
local attacker could use this to expose sensitive information. (CVE-2018-12126)
Vasily Averin and Evgenii Shatokhin discovered that a use-after-free
vulnerability existed in the NFS41+ subsystem when multiple network namespaces
are in use. A local attacker in a container could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2018-16884)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz
Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn,
Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano
Giuffrida discovered that uncacheable memory previously stored in
microarchitectural buffers of an Intel CPU core may be exposed to a malicious
process that is executing on the same CPU core. A local attacker could use this
to expose sensitive information. (CVE-2019-11091)
Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups
subsystem of the Linux kernel did not properly account for SCTP socket buffers.
A local attacker could use this to cause a denial of service (system crash).
(CVE-2019-3874)
Alex Williamson discovered that the vfio subsystem of the Linux kernel did not
properly limit DMA mappings. A local attacker could use this to cause a denial
of service (memory exhaustion). (CVE-2019-3882)
Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel
contained a heap buffer overflow. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-9500)
Hugues Anguelkov discovered that the Broadcom Wifi driver in the Linux kernel
did not properly prevent remote firmware events from being processed for USB
Wifi devices. A physically proximate attacker could use this to send firmware
events to the device. (CVE-2019-9503)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 16.04 LTS
linux-image-4.15.0-1013-oracle - 4.15.0-1013.15~16.04.1
linux-image-4.15.0-1032-gcp - 4.15.0-1032.34~16.04.1
linux-image-4.15.0-1045-azure - 4.15.0-1045.49
linux-image-4.15.0-50-generic - 4.15.0-50.54~16.04.1
linux-image-4.15.0-50-generic-lpae - 4.15.0-50.54~16.04.1
linux-image-4.15.0-50-lowlatency - 4.15.0-50.54~16.04.1
linux-image-azure - 4.15.0.1045.49
linux-image-gcp - 4.15.0.1032.46
linux-image-generic-hwe-16.04 - 4.15.0.50.71
linux-image-generic-lpae-hwe-16.04 - 4.15.0.50.71
linux-image-gke - 4.15.0.1032.46
linux-image-lowlatency-hwe-16.04 - 4.15.0.50.71
linux-image-oem - 4.15.0.50.71
linux-image-oracle - 4.15.0.1013.7
linux-image-virtual-hwe-16.04 - 4.15.0.50.71
Ubuntu 14.04 ESM
linux-image-4.15.0-1045-azure - 4.15.0-1045.49~14.04.1
linux-image-azure - 4.15.0.1045.32
To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .
After a standard system update you need to reboot your computer to make all the
necessary changes.
Please note that fully mitigating the Microarchitectural Data Sampling (MDS)
issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
requires corresponding processor microcode/firmware updates or, in virtual
environments, hypervisor updates.
References
o USN-3981-1
o CVE-2018-12126
o CVE-2018-12127
o CVE-2018-12130
o CVE-2018-16884
o CVE-2019-11091
o CVE-2019-3874
o CVE-2019-3882
o CVE-2019-9500
o CVE-2019-9503
o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
- ----------------------------------------------------------------------------
USN-3982-1: Linux kernel vulnerabilities
14 May 2019
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
o Ubuntu 16.04 LTS
Summary
Several security issues were fixed in the Linux kernel.
Software Description
o linux - Linux kernel
o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
o linux-kvm - Linux kernel for cloud environments
o linux-raspi2 - Linux kernel for Raspberry Pi 2
o linux-snapdragon - Linux kernel for Snapdragon processors
Details
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan
Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa
Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,
Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered
that memory previously stored in microarchitectural fill buffers of an Intel
CPU core may be exposed to a malicious process that is executing on the same
CPU core. A local attacker could use this to expose sensitive information.
(CVE-2018-12130)
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van
Schaik, Alyssa Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi,
Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored
in microarchitectural load ports of an Intel CPU core may be exposed to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2018-12127)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel
Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel
Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory
previously stored in microarchitectural store buffers of an Intel CPU core may
be exposed to a malicious process that is executing on the same CPU core. A
local attacker could use this to expose sensitive information. (CVE-2018-12126)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz
Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn,
Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano
Giuffrida discovered that uncacheable memory previously stored in
microarchitectural buffers of an Intel CPU core may be exposed to a malicious
process that is executing on the same CPU core. A local attacker could use this
to expose sensitive information. (CVE-2019-11091)
Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups
subsystem of the Linux kernel did not properly account for SCTP socket buffers.
A local attacker could use this to cause a denial of service (system crash).
(CVE-2019-3874)
Alex Williamson discovered that the vfio subsystem of the Linux kernel did not
properly limit DMA mappings. A local attacker could use this to cause a denial
of service (memory exhaustion). (CVE-2019-3882)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 16.04 LTS
linux-image-4.4.0-1046-kvm - 4.4.0-1046.52
linux-image-4.4.0-1083-aws - 4.4.0-1083.93
linux-image-4.4.0-1109-raspi2 - 4.4.0-1109.117
linux-image-4.4.0-1113-snapdragon - 4.4.0-1113.118
linux-image-4.4.0-148-generic - 4.4.0-148.174
linux-image-4.4.0-148-generic-lpae - 4.4.0-148.174
linux-image-4.4.0-148-lowlatency - 4.4.0-148.174
linux-image-4.4.0-148-powerpc-e500mc - 4.4.0-148.174
linux-image-4.4.0-148-powerpc-smp - 4.4.0-148.174
linux-image-4.4.0-148-powerpc64-emb - 4.4.0-148.174
linux-image-4.4.0-148-powerpc64-smp - 4.4.0-148.174
linux-image-aws - 4.4.0.1083.86
linux-image-generic - 4.4.0.148.156
linux-image-generic-lpae - 4.4.0.148.156
linux-image-kvm - 4.4.0.1046.46
linux-image-lowlatency - 4.4.0.148.156
linux-image-powerpc-e500mc - 4.4.0.148.156
linux-image-powerpc-smp - 4.4.0.148.156
linux-image-powerpc64-emb - 4.4.0.148.156
linux-image-powerpc64-smp - 4.4.0.148.156
linux-image-raspi2 - 4.4.0.1109.109
linux-image-snapdragon - 4.4.0.1113.105
linux-image-virtual - 4.4.0.148.156
To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .
After a standard system update you need to reboot your computer to make all the
necessary changes.
Please note that fully mitigating the Microarchitectural Data Sampling (MDS)
issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
requires corresponding processor microcode/firmware updates or, in virtual
environments, hypervisor updates.
References
o CVE-2018-12126
o CVE-2018-12127
o CVE-2018-12130
o CVE-2019-11091
o CVE-2019-3874
o CVE-2019-3882
o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
- ----------------------------------------------------------------------------
USN-3982-2: Linux kernel (Xenial HWE) vulnerabilities
14 May 2019
linux-lts-xenial vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
o Ubuntu 14.04 ESM
Summary
Several security issues were fixed in the Linux kernel.
Software Description
o linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty
Details
USN-3982-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This
update provides the corresponding updates for the Linux Hardware Enablement
(HWE) kernel from Ubuntu 16.04 for Ubuntu 14.04 LTS.
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan
Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa
Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,
Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered
that memory previously stored in microarchitectural fill buffers of an Intel
CPU core may be exposed to a malicious process that is executing on the same
CPU core. A local attacker could use this to expose sensitive information.
(CVE-2018-12130)
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van
Schaik, Alyssa Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi,
Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored
in microarchitectural load ports of an Intel CPU core may be exposed to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2018-12127)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel
Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel
Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory
previously stored in microarchitectural store buffers of an Intel CPU core may
be exposed to a malicious process that is executing on the same CPU core. A
local attacker could use this to expose sensitive information. (CVE-2018-12126)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz
Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn,
Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano
Giuffrida discovered that uncacheable memory previously stored in
microarchitectural buffers of an Intel CPU core may be exposed to a malicious
process that is executing on the same CPU core. A local attacker could use this
to expose sensitive information. (CVE-2019-11091)
Matteo Croce, Natale Vinto, and Andrea Spagnolo discovered that the cgroups
subsystem of the Linux kernel did not properly account for SCTP socket buffers.
A local attacker could use this to cause a denial of service (system crash).
(CVE-2019-3874)
Alex Williamson discovered that the vfio subsystem of the Linux kernel did not
properly limit DMA mappings. A local attacker could use this to cause a denial
of service (memory exhaustion). (CVE-2019-3882)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 14.04 ESM
linux-image-4.4.0-148-generic - 4.4.0-148.174~14.04.1
linux-image-4.4.0-148-generic-lpae - 4.4.0-148.174~14.04.1
linux-image-4.4.0-148-lowlatency - 4.4.0-148.174~14.04.1
linux-image-4.4.0-148-powerpc-e500mc - 4.4.0-148.174~14.04.1
linux-image-4.4.0-148-powerpc-smp - 4.4.0-148.174~14.04.1
linux-image-4.4.0-148-powerpc64-emb - 4.4.0-148.174~14.04.1
linux-image-4.4.0-148-powerpc64-smp - 4.4.0-148.174~14.04.1
linux-image-generic-lpae-lts-xenial - 4.4.0.148.130
linux-image-generic-lts-xenial - 4.4.0.148.130
linux-image-lowlatency-lts-xenial - 4.4.0.148.130
linux-image-powerpc-e500mc-lts-xenial - 4.4.0.148.130
linux-image-powerpc-smp-lts-xenial - 4.4.0.148.130
linux-image-powerpc64-emb-lts-xenial - 4.4.0.148.130
linux-image-powerpc64-smp-lts-xenial - 4.4.0.148.130
linux-image-virtual-lts-xenial - 4.4.0.148.130
To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .
After a standard system update you need to reboot your computer to make all the
necessary changes.
Please note that fully mitigating the Microarchitectural Data Sampling (MDS)
issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
requires corresponding processor microcode/firmware updates or, in virtual
environments, hypervisor updates.
References
o USN-3982-1
o CVE-2018-12126
o CVE-2018-12127
o CVE-2018-12130
o CVE-2019-11091
o CVE-2019-3874
o CVE-2019-3882
o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
- ----------------------------------------------------------------------------
USN-3983-1: Linux kernel vulnerabilities
14 May 2019
linux vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
o Ubuntu 14.04 ESM
Summary
Several security issues were fixed in the Linux kernel.
Software Description
o linux - Linux kernel
Details
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan
Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa
Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,
Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered
that memory previously stored in microarchitectural fill buffers of an Intel
CPU core may be exposed to a malicious process that is executing on the same
CPU core. A local attacker could use this to expose sensitive information.
(CVE-2018-12130)
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van
Schaik, Alyssa Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi,
Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored
in microarchitectural load ports of an Intel CPU core may be exposed to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2018-12127)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel
Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel
Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory
previously stored in microarchitectural store buffers of an Intel CPU core may
be exposed to a malicious process that is executing on the same CPU core. A
local attacker could use this to expose sensitive information. (CVE-2018-12126)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz
Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn,
Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano
Giuffrida discovered that uncacheable memory previously stored in
microarchitectural buffers of an Intel CPU core may be exposed to a malicious
process that is executing on the same CPU core. A local attacker could use this
to expose sensitive information. (CVE-2019-11091)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 14.04 ESM
linux-image-3.13.0-170-generic - 3.13.0-170.220
linux-image-3.13.0-170-generic-lpae - 3.13.0-170.220
linux-image-3.13.0-170-lowlatency - 3.13.0-170.220
linux-image-3.13.0-170-powerpc-e500 - 3.13.0-170.220
linux-image-3.13.0-170-powerpc-e500mc - 3.13.0-170.220
linux-image-3.13.0-170-powerpc-smp - 3.13.0-170.220
linux-image-3.13.0-170-powerpc64-emb - 3.13.0-170.220
linux-image-3.13.0-170-powerpc64-smp - 3.13.0-170.220
linux-image-generic - 3.13.0.170.181
linux-image-generic-lpae - 3.13.0.170.181
linux-image-lowlatency - 3.13.0.170.181
linux-image-powerpc-e500 - 3.13.0.170.181
linux-image-powerpc-e500mc - 3.13.0.170.181
linux-image-powerpc-smp - 3.13.0.170.181
linux-image-powerpc64-emb - 3.13.0.170.181
linux-image-powerpc64-smp - 3.13.0.170.181
linux-image-virtual - 3.13.0.170.181
To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .
After a standard system update you need to reboot your computer to make all the
necessary changes.
Please note that fully mitigating the Microarchitectural Data Sampling (MDS)
issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
requires corresponding processor microcode/firmware updates or, in virtual
environments, hypervisor updates.
References
o CVE-2018-12126
o CVE-2018-12127
o CVE-2018-12130
o CVE-2019-11091
o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
- ----------------------------------------------------------------------------
USN-3983-2: Linux kernel (Trusty HWE) vulnerabilities
15 May 2019
linux-lts-trusty vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
o Ubuntu 12.04 ESM
Summary
Several security issues were fixed in the Linux kernel.
Software Description
o linux-lts-trusty - Linux hardware enablement kernel from Trusty for Precise
ESM
Details
USN-3983-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This
update provides the corresponding updates for the Linux Hardware Enablement
(HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS.
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan
Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa
Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,
Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered
that memory previously stored in microarchitectural fill buffers of an Intel
CPU core may be exposed to a malicious process that is executing on the same
CPU core. A local attacker could use this to expose sensitive information.
(CVE-2018-12130)
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van
Schaik, Alyssa Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi,
Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored
in microarchitectural load ports of an Intel CPU core may be exposed to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2018-12127)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel
Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel
Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory
previously stored in microarchitectural store buffers of an Intel CPU core may
be exposed to a malicious process that is executing on the same CPU core. A
local attacker could use this to expose sensitive information. (CVE-2018-12126)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz
Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn,
Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano
Giuffrida discovered that uncacheable memory previously stored in
microarchitectural buffers of an Intel CPU core may be exposed to a malicious
process that is executing on the same CPU core. A local attacker could use this
to expose sensitive information. (CVE-2019-11091)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 12.04 ESM
linux-image-3.13.0-170-generic - 3.13.0-170.220~12.04.2+signed1
linux-image-3.13.0-170-generic-lpae - 3.13.0-170.220~12.04.2
linux-image-3.13.0-170-lowlatency - 3.13.0-170.220~12.04.2+signed1
linux-image-generic-lpae-lts-trusty - 3.13.0.170.158
linux-image-generic-lts-trusty - 3.13.0.170.158
To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .
After a standard system update you need to reboot your computer to make all the
necessary changes.
Please note that fully mitigating the Microarchitectural Data Sampling (MDS)
issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
requires corresponding processor microcode/firmware updates or, in virtual
environments, hypervisor updates.
References
o USN-3983-1
o CVE-2018-12126
o CVE-2018-12127
o CVE-2018-12130
o CVE-2019-11091
o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
- ----------------------------------------------------------------------------
USN-3984-1: Linux kernel vulnerabilities
15 May 2019
linux vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
o Ubuntu 12.04 ESM
Summary
Several security issues were fixed in the Linux kernel.
Software Description
o linux - Linux kernel
Details
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan
Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa
Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos,
Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered
that memory previously stored in microarchitectural fill buffers of an Intel
CPU core may be exposed to a malicious process that is executing on the same
CPU core. A local attacker could use this to expose sensitive information.
(CVE-2018-12130)
Brandon Falk, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Stephan van
Schaik, Alyssa Milburn, Sebastian A sterlund, Pietro Frigo, Kaveh Razavi,
Herbert Bos, and Cristiano Giuffrida discovered that memory previously stored
in microarchitectural load ports of an Intel CPU core may be exposed to a
malicious process that is executing on the same CPU core. A local attacker
could use this to expose sensitive information. (CVE-2018-12127)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Marina Minkin, Daniel
Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel
Gruss, Berk Sunar, Frank Piessens, and Yuval Yarom discovered that memory
previously stored in microarchitectural store buffers of an Intel CPU core may
be exposed to a malicious process that is executing on the same CPU core. A
local attacker could use this to expose sensitive information. (CVE-2018-12126)
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Moritz
Lipp, Michael Schwarz, Daniel Gruss, Stephan van Schaik, Alyssa Milburn,
Sebastian A sterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, and Cristiano
Giuffrida discovered that uncacheable memory previously stored in
microarchitectural buffers of an Intel CPU core may be exposed to a malicious
process that is executing on the same CPU core. A local attacker could use this
to expose sensitive information. (CVE-2019-11091)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 12.04 ESM
linux-image-3.2.0-140-generic - 3.2.0-140.186
linux-image-3.2.0-140-generic-pae - 3.2.0-140.186
linux-image-3.2.0-140-highbank - 3.2.0-140.186
linux-image-3.2.0-140-omap - 3.2.0-140.186
linux-image-3.2.0-140-powerpc-smp - 3.2.0-140.186
linux-image-3.2.0-140-powerpc64-smp - 3.2.0-140.186
linux-image-3.2.0-140-virtual - 3.2.0-140.186
linux-image-generic - 3.2.0.140.155
linux-image-generic-pae - 3.2.0.140.155
linux-image-highbank - 3.2.0.140.155
linux-image-omap - 3.2.0.140.155
linux-image-powerpc - 3.2.0.140.155
linux-image-powerpc-smp - 3.2.0.140.155
linux-image-powerpc64-smp - 3.2.0.140.155
linux-image-virtual - 3.2.0.140.155
To update your system, please follow these instructions: https://
wiki.ubuntu.com/Security/Upgrades .
After a standard system update you need to reboot your computer to make all the
necessary changes.
Please note that fully mitigating the Microarchitectural Data Sampling (MDS)
issues (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
requires corresponding processor microcode/firmware updates or, in virtual
environments, hypervisor updates.
References
o CVE-2018-12126
o CVE-2018-12127
o CVE-2018-12130
o CVE-2019-11091
o https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXNuvkGaOgq3Tt24GAQhGvA//VFkCxT6kjyj0tlkCThrgJiKtMzeTAdYa
mQo2m0mKOjuouQA890ZQiWxyCV13IVZtW03KzUPz5BMU0SNH0LkoLKL9L0Mu73YG
j7BdMFUiaaTPwWM+mZsXFnm6PbodnrlEMl2R32Rbd3MTOFdHvFwcTQo5OpNJpyFW
KWR2XJSqOwYG1qsB44dUvXxDIK/u5buK3iliHLIFlOhmQ324weN93NNvDrxJHnHL
bdnHJ0S6ij8lANQB98j2IuOTK5+m5DJCbNGERwAASg2ByGHEN97a2ys5SeOuiRgf
LvuWLERgJGoc06aAzX/G+MyCokMMCd7/wf49w798YjhYKVF3Vsy9Do68pZ5TfGQu
MnUF/aCWv5Zu3Kfw/EMS7OE5jpzeP6BbHAyeG1dOcCA7sI9YmUx2cWUw7rQbai31
JbOJ+hYaQ6yfB6OMSQWx54eP9csnoY7ZklYrLtKE0TzZDNGmobxulUc/aeQwUaYw
2FDb/mTC+tztWxzSKw55cLhzxp5kycSHS96AbGmedytWYF+TWUUmpRyONOO8/lh0
9n/ZdX7qVaPMYfAJApBn05tMwBiJhCUO7g03jOdH7WhVLzZnTiJKK4RQM4ZGp7kg
WeTOE1d/nlZExHfV78q9hC+XJKrivJQBlFr8+pcJQPwprEHkiuE2bKLrVqWPp5AJ
HwdXxls+t0A=
=UNXb
-----END PGP SIGNATURE-----