OVAL Reference oval:com.ubuntu.bionic:def:20183639000

Oval Definition:

oval:com.ubuntu.bionic:def:20183639000

Revision Date:	2018-05-22	Version:	1
Title:	CVE-2018-3639 on Ubuntu 18.04 LTS (bionic) - medium.
Description:	Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2018-3639
Platform(s):	Ubuntu 18.04 LTS	Product(s):
Definition Synopsis
Ubuntu 18.04 LTS (bionic) is installed. AND Package Information The 'intel-microcode' package in bionic was vulnerable but has been fixed (note: '3.20180807a.0ubuntu0.18.04.1'). OR The 'libvirt' package in bionic was vulnerable but has been fixed (note: '4.0.0-1ubuntu8.2'). OR The 'linux' package in bionic was vulnerable but has been fixed (note: '4.15.0-22.24'). OR The 'linux-aws' package in bionic was vulnerable but has been fixed (note: '4.15.0-1009.9'). OR The 'linux-azure' package in bionic was vulnerable but has been fixed (note: '4.15.0-1012.12'). OR The 'linux-azure-edge' package in bionic was vulnerable but has been fixed (note: '4.15.0-1012.12'). OR The 'linux-gcp' package in bionic was vulnerable but has been fixed (note: '4.15.0-1008.8'). OR NOT While related to the CVE in some way, the 'linux-gcp-edge' package in bionic is not affected (note: '4.18.0-1004.5~18.04.1'). OR NOT While related to the CVE in some way, the 'linux-gke' package in bionic is not affected. OR NOT While related to the CVE in some way, the 'linux-hwe' package in bionic is not affected (note: '4.18.0-13.14~18.04.1'). OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in bionic is not affected (note: '5.0.0-14.15~18.04.1'). OR The 'linux-kvm' package in bionic was vulnerable but has been fixed (note: '4.15.0-1010.10'). OR The 'linux-oem' package in bionic was vulnerable but has been fixed (note: '4.15.0-1006.9'). OR NOT While related to the CVE in some way, the 'linux-oracle' package in bionic is not affected (note: '4.15.0-1007.9'). OR The 'linux-raspi2' package in bionic was vulnerable but has been fixed (note: '4.15.0-1012.13'). OR The 'linux-snapdragon' package in bionic is affected. An update containing the fix has been completed and is pending publication (note: '4.15.0-1052.56'). OR The 'qemu' package in bionic was vulnerable but has been fixed (note: '1:2.11+dfsg-1ubuntu7.2').

BACK