Merge ~bromer/usn.ubuntu.com/+git/lsn:lsn into usn.ubuntu.com:master

Proposed by Ben Romer
Status: Merged
Merged at revision: 056681954b7b7adf9de50e21f4a5861645c44e26
Proposed branch: ~bromer/usn.ubuntu.com/+git/lsn:lsn
Merge into: usn.ubuntu.com:master
Diff against target: 141 lines (+135/-0)
1 file modified
content/lsn/0068-1.md (+135/-0)
Reviewer: USN Website Team
Review status: Pending
Review via email: mp+385419@code.launchpad.net

Preview Diff

1diff --git a/content/lsn/0068-1.md b/content/lsn/0068-1.md
2new file mode 100644
3index 0000000..42437f4
4--- /dev/null
5+++ b/content/lsn/0068-1.md
6@@ -0,0 +1,135 @@
7+---
8+title: "LSN-0068-1: Kernel Live Patch Security Notice"
9+permalink: /lsn/0068-1/index.html
10+releases: [ubuntu-14.04-esm,ubuntu-16.04-lts,ubuntu-18.04-lts]
11+date: 2020-06-09 12:07:29
12+description: "Several security issues were fixed in the kernel."
13+---
14+
15+## Linux kernel vulnerabilities
16+
17+A security issue affects these releases of Ubuntu and its derivatives:
18+
19+* Ubuntu 20.04 LTS
20+* Ubuntu 18.04 LTS
21+* Ubuntu 16.04 LTS
22+* Ubuntu 14.04 ESM
23+
24+### Summary
25+
26+Several security issues were fixed in the kernel.
27+
28+### Software Description
29+
30+* linux - Linux kernel
31+* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
32+* linux-oem - Linux kernel for OEM systems
33+
34+### Special Notice for CVE-2020-0543
35+
36+On June 9, Intel announced CVE-2020-0543, a CPU hardware issue known
37+as Special Register Buffer Data Sampling (SRBDS), which could result
38+in data leaks from random number generation instructions. The issue
39+affects a subset of Intel CPUs and is mitigated by a CPU microcode
40+update. This is a hardware issue and cannot be mitigated with a
41+livepatch.
42+
43+The kernel update associated with the CVE provides the ability
44+to turn the mitigation on and off and to report the presence of the
45+mitigation in the microcode, and should be installed with the updated
46+microcode.
47+
48+To determine if your Intel CPU is affected, consult
49+[Intel's list of affected processors.](https://software.intel.com/security-software-guidance/insights/processors-affected-special-register-buffer-data-sampling)
50+Note that AMD processors, and architectures other than x86_64, are not
51+affected by this CVE.
52+
53+Users affected by this issue should update their kernel and CPU microcode,
54+and reboot into the new kernel. Users not affected by CVE-2020-0543 may continue
55+to use livepatch updates without rebooting.
56+
57+For more information about the CVE and our response, please consult the
58+[Ubuntu SRBDS wiki page.](https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SRBDS)
59+
60+### Details
61+
62+It was discovered that the virtual terminal implementation in the Linux
63+kernel did not properly handle resize events. A local attacker could use
64+this to expose sensitive information. (CVE-2020-8647)
65+
66+It was discovered that the virtual terminal implementation in the Linux
67+kernel contained a race condition. A local attacker could possibly use this
68+to cause a denial of service (system crash) or expose sensitive
69+information. (CVE-2020-8648)
70+
71+It was discovered that the virtual terminal implementation in the Linux
72+kernel did not properly handle resize events. A local attacker could use
73+this to expose sensitive information. (CVE-2020-8649)
74+
75+It was discovered that the Serial CAN interface driver in the Linux kernel
76+did not properly initialize data. A local attacker could use this to expose
77+sensitive information (kernel memory). (CVE-2020-11494)
78+
79+Piotr Krysiuk discovered that race conditions existed in the file system
80+implementation in the Linux kernel. A local attacker could use this to
81+cause a denial of service (system crash). (CVE-2020-12114)
82+
83+## Update instructions
84+
85+The problem can be corrected by updating your kernel livepatch to the following
86+versions:
87+
88+Ubuntu 18.04 LTS
89+: aws - 68.1
90+: generic - 68.1
91+: lowlatency - 68.1
92+: oem - 68.1
93+
94+Ubuntu 16.04 LTS
95+: aws - 68.1
96+: generic - 67.1
97+: generic - 68.1
98+: lowlatency - 67.1
99+: lowlatency - 68.1
100+
101+Ubuntu 14.04 ESM
102+: generic - 66.1
103+: lowlatency - 66.1
104+
105+## Support Information
106+
107+Kernels older than the levels listed below do not receive livepatch
108+updates. If you are running a kernel version earlier than the one listed
109+below, please upgrade your kernel as soon as possible.
110+
111+Ubuntu 18.04 LTS
112+: linux - 4.15.0-69
113+: linux-aws - 4.15.0-1054
114+: linux-azure - 5.0.0-1025
115+: linux-gcp - 5.0.0-1025
116+: linux-oem - 4.15.0-1063
117+
118+Ubuntu 20.04 LTS
119+: linux - 5.4.0-26
120+: linux-aws - 5.4.0-1009
121+: linux-azure - 5.4.0-1010
122+: linux-gcp - 5.4.0-1009
123+: linux-oem - 5.4.0-26
124+
125+Ubuntu 16.04 LTS
126+: linux - 4.4.0-168
127+: linux-aws - 4.4.0-1098
128+: linux-azure - 4.15.0-1063
129+: linux-hwe - 4.15.0-69
130+
131+Ubuntu 14.04 ESM
132+: linux-lts-xenial - 4.4.0-168
133+
134+## References
135+
136+* [CVE-2020-0543](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-0543)
137+* [CVE-2020-8647](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8647)
138+* [CVE-2020-8648](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8648)
139+* [CVE-2020-8649](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8649)
140+* [CVE-2020-11494](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11494)
141+* [CVE-2020-12114](https://people.canonical.com/~ubuntu-security/cve/CVE-2020-12114)
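
Review bot: The front matter `releases:` list omits Ubuntu 20.04 LTS, yet the body lists "Ubuntu 20.04 LTS" among the affected releases and again under Support Information, while Update instructions give no livepatch version for 20.04. Either add a 20.04 entry to `releases` and to Update instructions, or drop 20.04 from the affected list so the notice is consistent about whether 20.04 users need to act. Under Update instructions for Ubuntu 16.04 LTS, `generic` and `lowlatency` each appear twice (67.1 and 68.1) with nothing saying which kernel each version applies to; name the distinguishing kernel or keep a single entry per flavour. Software Description names only linux, linux-aws and linux-oem, while Support Information also covers linux-azure, linux-gcp, linux-hwe and linux-lts-xenial; aligning the two lists would make the scope clear. Support Information also orders the releases 18.04, 20.04, 16.04, 14.04, unlike the descending order used in the rest of the notice.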
