Ubuntu update for linux

1) Observable discrepancy

EUVDB-ID: #VU51774

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27170

CWE-ID: CWE-203 - Observable discrepancy

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in kernel/bpf/verifier.c due to kernel performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations. A local user can run a specially crafted program to gain access to sensitive information.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-azure (Ubuntu package): before 4.15.0.1111.102

linux-image-4.15.0-1111-azure (Ubuntu package): before 4.15.0-1111.123~16.04.1

linux-image-raspi2 (Ubuntu package): before 4.15.0.1082.79

linux-image-4.15.0-1082-raspi2 (Ubuntu package): before 4.15.0-1082.87

linux-image-virtual (Ubuntu package): before 4.15.0.140.127

linux-image-snapdragon (Ubuntu package): before 4.15.0.1099.102

linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1068.78

linux-image-lowlatency (Ubuntu package): before 4.15.0.140.127

linux-image-kvm (Ubuntu package): before 4.15.0.1088.84

linux-image-generic-lpae (Ubuntu package): before 4.15.0.140.127

linux-image-generic (Ubuntu package): before 4.15.0.140.127

linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1096.114

linux-image-dell300x (Ubuntu package): before 4.15.0.1015.17

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1111.84

linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1097.100

linux-image-4.15.0-140-lowlatency (Ubuntu package): before 4.15.0-140.144~16.04.1

linux-image-4.15.0-140-generic-lpae (Ubuntu package): before 4.15.0-140.144~16.04.1

linux-image-4.15.0-140-generic (Ubuntu package): before 4.15.0-140.144~16.04.1

linux-image-4.15.0-1099-snapdragon (Ubuntu package): before 4.15.0-1099.108

linux-image-4.15.0-1097-aws (Ubuntu package): before 4.15.0-1097.104~16.04.1

linux-image-4.15.0-1096-gcp (Ubuntu package): before 4.15.0-1096.109~16.04.1

linux-image-4.15.0-1088-kvm (Ubuntu package): before 4.15.0-1088.90

linux-image-4.15.0-1068-oracle (Ubuntu package): before 4.15.0-1068.76~16.04.1

linux-image-4.15.0-1015-dell300x (Ubuntu package): before 4.15.0-1015.19

linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.140.135

linux-image-oracle (Ubuntu package): before 4.15.0.1068.56

linux-image-oem (Ubuntu package): before 4.15.0.140.135

linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.140.135

linux-image-gke (Ubuntu package): before 4.15.0.1096.97

linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.140.135

linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.140.135

linux-image-gcp (Ubuntu package): before 4.15.0.1096.97

linux-image-aws-hwe (Ubuntu package): before 4.15.0.1097.90

CPE2.3

• cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:
• cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:
• cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:

External links

http://ubuntu.com/security/notices/USN-4890-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Off-by-one

EUVDB-ID: #VU51775

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27171

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an off-by-one error in kernel/bpf/verifier.c affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations. A local user can run a specially crafted program to gain access to sensitive information on the system.

Mitigation

Update the affected package linux to the latest version.

Vulnerable software versions

Ubuntu: 14.04 - 18.04

linux-image-azure (Ubuntu package): before 4.15.0.1111.102

linux-image-4.15.0-1111-azure (Ubuntu package): before 4.15.0-1111.123~16.04.1

linux-image-raspi2 (Ubuntu package): before 4.15.0.1082.79

linux-image-4.15.0-1082-raspi2 (Ubuntu package): before 4.15.0-1082.87

linux-image-virtual (Ubuntu package): before 4.15.0.140.127

linux-image-snapdragon (Ubuntu package): before 4.15.0.1099.102

linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1068.78

linux-image-lowlatency (Ubuntu package): before 4.15.0.140.127

linux-image-kvm (Ubuntu package): before 4.15.0.1088.84

linux-image-generic-lpae (Ubuntu package): before 4.15.0.140.127

linux-image-generic (Ubuntu package): before 4.15.0.140.127

linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1096.114

linux-image-dell300x (Ubuntu package): before 4.15.0.1015.17

linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1111.84

linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1097.100

linux-image-4.15.0-140-lowlatency (Ubuntu package): before 4.15.0-140.144~16.04.1

linux-image-4.15.0-140-generic-lpae (Ubuntu package): before 4.15.0-140.144~16.04.1

linux-image-4.15.0-140-generic (Ubuntu package): before 4.15.0-140.144~16.04.1

linux-image-4.15.0-1099-snapdragon (Ubuntu package): before 4.15.0-1099.108

linux-image-4.15.0-1097-aws (Ubuntu package): before 4.15.0-1097.104~16.04.1

linux-image-4.15.0-1096-gcp (Ubuntu package): before 4.15.0-1096.109~16.04.1

linux-image-4.15.0-1088-kvm (Ubuntu package): before 4.15.0-1088.90

linux-image-4.15.0-1068-oracle (Ubuntu package): before 4.15.0-1068.76~16.04.1

linux-image-4.15.0-1015-dell300x (Ubuntu package): before 4.15.0-1015.19

linux-image-virtual-hwe-16.04 (Ubuntu package): before 4.15.0.140.135

linux-image-oracle (Ubuntu package): before 4.15.0.1068.56

linux-image-oem (Ubuntu package): before 4.15.0.140.135

linux-image-lowlatency-hwe-16.04 (Ubuntu package): before 4.15.0.140.135

linux-image-gke (Ubuntu package): before 4.15.0.1096.97

linux-image-generic-lpae-hwe-16.04 (Ubuntu package): before 4.15.0.140.135

linux-image-generic-hwe-16.04 (Ubuntu package): before 4.15.0.140.135

linux-image-gcp (Ubuntu package): before 4.15.0.1096.97

linux-image-aws-hwe (Ubuntu package): before 4.15.0.1097.90

CPE2.3

• cpe:2.3:o:canonical:ubuntu:18.04:*:*:*:*:*:*:
• cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:
• cpe:2.3:o:canonical:ubuntu:14.04:*:*:*:*:*:*:

External links

http://ubuntu.com/security/notices/USN-4890-1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.