[LSN-0044-1] Linux kernel vulnerability

benjamin.romer at canonical.com benjamin.romer at canonical.com
Mon Oct 8 11:28:54 UTC 2018 

==========================================================================
Kernel Live Patch Security Notice 0044-1
October 05, 2018

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu:

| Series           | Base kernel  | Arch     | flavors          |
|------------------+--------------+----------+------------------|
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | generic          |
| Ubuntu 14.04 LTS | 4.4.0        | amd64    | lowlatency       |
| Ubuntu 16.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 16.04 LTS | 4.15.0       | amd64    | lowlatency       |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | generic          |
| Ubuntu 18.04 LTS | 4.15.0       | amd64    | lowlatency       |

Summary:

Several security issues were fixed in the kernel.

Note that due to a client issue, this livepatch may report that it failed to
load. You can verify that the patch has successfully loaded by looking in 
/sys/kernel/livepatch for a directory starting with the name "lkp_Ubuntu,"
followed by your kernel version, and ending with the version number, "44."
The next client update should correct this problem.

Software Description:
- linux: Linux kernel

Details:

It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local
attacker could use this to expose sensitive information (memory from the
kernel or other processes). (CVE-2018-3620)

It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
attacker could use this to expose sensitive information. (CVE-2018-15594)

It was discovered that memory present in the L1 data cache of an Intel CPU
core may be exposed to a malicious process that is executing on the CPU
core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local
attacker in a guest virtual machine could use this to expose sensitive
information (memory from other guests or the host OS). (CVE-2018-3646)

It was discovered that a use-after-free vulnerability existed in the IRDA
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-6555)

It was discovered that a stack-based buffer overflow existed in the iSCSI
target implementation of the Linux kernel. A remote attacker could use this
to cause a denial of service (system crash). (CVE-2018-14633)

It was discovered that microprocessors utilizing speculative execution and
prediction of return addresses via Return Stack Buffer (RSB) may allow
unauthorized memory reads via sidechannel attacks. An attacker could use
this to expose sensitive information. (CVE-2018-15572)

Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)

Update instructions:

The problem can be corrected by updating your livepatches to the following
versions:

| Kernel                   | Version  | flavors                  |
|--------------------------+----------+--------------------------|
| 4.4.0-133.159            | 44.1     | generic, lowlatency      |
| 4.4.0-133.159~14.04.1    | 44.1     | lowlatency, generic      |
| 4.4.0-134.160            | 44.1     | generic, lowlatency      |
| 4.4.0-134.160~14.04.1    | 44.1     | lowlatency, generic      |
| 4.4.0-135.161~14.04.1    | 44.1     | lowlatency, generic      |
| 4.15.0-32.35             | 44.1     | lowlatency, generic      |
| 4.15.0-32.35~16.04.1     | 44.1     | generic, lowlatency      |
| 4.15.0-33.36             | 44.1     | lowlatency, generic      |
| 4.15.0-33.36~16.04.1     | 44.1     | lowlatency, generic      |
| 4.15.0-34.37             | 44.1     | generic, lowlatency      |
| 4.15.0-34.37~16.04.1     | 44.2     | lowlatency, generic      |

References:
  CVE-2018-3620, CVE-2018-15594, CVE-2018-3646, CVE-2018-6555, 
  CVE-2018-14633, CVE-2018-15572, CVE-2018-17182

More information about the ubuntu-security-announce mailing list