| Revision Date: | 2018-01-04 | Version: | 1 | | Title: | CVE-2017-5715 on Ubuntu 18.04 LTS (bionic) - high. | | Description: | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2017-5715
| | Platform(s): | Ubuntu 18.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 18.04 LTS (bionic) is installed. AND Package Information
amd64-microcode package in bionic was vulnerable but has been fixed (note: '3.20180524.1~ubuntu0.18.04.1').
OR firefox package in bionic was vulnerable but has been fixed (note: '59.0.1+build1-0ubuntu1').
OR intel-microcode package in bionic, is related to the CVE in some way and has been fixed (note: '3.20180108.1').
OR libvirt package in bionic, is related to the CVE in some way and has been fixed (note: '4.0.0-1ubuntu1').
OR linux package in bionic, is related to the CVE in some way and has been fixed (note: '4.13.0-32.35').
OR linux-aws package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1001.1').
OR linux-azure package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1002.2').
OR linux-gcp package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1001.1').
OR linux-kvm package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1002.2').
OR linux-meta package in bionic, is related to the CVE in some way and has been fixed (note: '4.13.0-32.35').
OR linux-meta-aws package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1001.1').
OR linux-meta-azure package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1002.2').
OR linux-meta-gcp package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1001.1').
OR linux-meta-kvm package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1002.2').
OR linux-meta-oem package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1002.3').
OR linux-meta-raspi2 package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1006.7').
OR linux-oem package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1002.3').
OR linux-raspi2 package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1006.7').
OR linux-signed package in bionic, is related to the CVE in some way and has been fixed (note: '4.13.0-32.35').
OR linux-signed-azure package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1002.2').
OR linux-signed-gcp package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1001.1').
OR linux-signed-oem package in bionic, is related to the CVE in some way and has been fixed (note: '4.15.0-1002.3').
OR qemu package in bionic was vulnerable but has been fixed (note: '1:2.11+dfsg-1ubuntu2').
OR webkit2gtk package in bionic, is related to the CVE in some way and has been fixed (note: '2.18.6-1').
|
|