CVE-2017-5753
Publication date 3 January 2018
Last updated 24 July 2024
Ubuntu priority
CVSS 3 Severity Score
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
From the Ubuntu Security Team
Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 18.04 LTS bionic | Fixed 59.0.1+build1-0ubuntu1 |
firefox | 16.04 LTS xenial | Fixed 57.0.4+build1-0ubuntu0.16.04.1 |
firefox | 14.04 LTS trusty | Fixed 57.0.4+build1-0ubuntu0.14.04.1 |
linux | 18.04 LTS bionic | Not affected |
linux | 16.04 LTS xenial | Fixed 4.4.0-112.135 |
linux | 14.04 LTS trusty | Fixed 3.13.0-157.207 |
linux-armadaxp | 18.04 LTS bionic | Not in release |
linux-armadaxp | 16.04 LTS xenial | Not in release |
linux-armadaxp | 14.04 LTS trusty | Not in release |
linux-aws | 18.04 LTS bionic | Not affected |
linux-aws | 16.04 LTS xenial | Fixed 4.4.0-1049.58 |
linux-aws | 14.04 LTS trusty | Fixed 4.4.0-1011.11 |
linux-azure | 18.04 LTS bionic | Not affected |
linux-azure | 16.04 LTS xenial | Fixed 4.15.0-1013.13~16.04.2 |
linux-azure | 14.04 LTS trusty | Not affected |
linux-azure-edge | 18.04 LTS bionic | Not affected |
linux-azure-edge | 16.04 LTS xenial | Not affected |
linux-azure-edge | 14.04 LTS trusty | Not in release |
linux-euclid | 18.04 LTS bionic | Not in release |
linux-euclid | 16.04 LTS xenial | Fixed 4.4.0-9023.24 |
linux-euclid | 14.04 LTS trusty | Not in release |
linux-flo | 18.04 LTS bionic | Not in release |
linux-flo | 16.04 LTS xenial | Ignored |
linux-flo | 14.04 LTS trusty | Not in release |
linux-gcp | 18.04 LTS bionic | Not affected |
linux-gcp | 16.04 LTS xenial | Fixed 4.15.0-1014.14~16.04.1 |
linux-gcp | 14.04 LTS trusty | Not in release |
linux-gke | 18.04 LTS bionic | Not in release |
linux-gke | 16.04 LTS xenial | Ignored |
linux-gke | 14.04 LTS trusty | Not in release |
linux-goldfish | 18.04 LTS bionic | Not in release |
linux-goldfish | 16.04 LTS xenial | Ignored |
linux-goldfish | 14.04 LTS trusty | Not in release |
linux-grouper | 18.04 LTS bionic | Not in release |
linux-grouper | 16.04 LTS xenial | Not in release |
linux-grouper | 14.04 LTS trusty | Not in release |
linux-hwe | 18.04 LTS bionic | Not affected |
linux-hwe | 16.04 LTS xenial | Fixed 4.15.0-24.26~16.04.1 |
linux-hwe | 14.04 LTS trusty | Not in release |
linux-hwe-edge | 18.04 LTS bionic | Not affected |
linux-hwe-edge | 16.04 LTS xenial | Fixed 4.15.0-24.26~16.04.1 |
linux-hwe-edge | 14.04 LTS trusty | Not in release |
linux-kvm | 18.04 LTS bionic | Not affected |
linux-kvm | 16.04 LTS xenial | Fixed 4.4.0-1017.22 |
linux-kvm | 14.04 LTS trusty | Not in release |
linux-linaro-omap | 18.04 LTS bionic | Not in release |
linux-linaro-omap | 16.04 LTS xenial | Not in release |
linux-linaro-omap | 14.04 LTS trusty | Not in release |
linux-linaro-shared | 18.04 LTS bionic | Not in release |
linux-linaro-shared | 16.04 LTS xenial | Not in release |
linux-linaro-shared | 14.04 LTS trusty | Not in release |
linux-linaro-vexpress | 18.04 LTS bionic | Not in release |
linux-linaro-vexpress | 16.04 LTS xenial | Not in release |
linux-linaro-vexpress | 14.04 LTS trusty | Not in release |
linux-lts-quantal | 18.04 LTS bionic | Not in release |
linux-lts-quantal | 16.04 LTS xenial | Not in release |
linux-lts-quantal | 14.04 LTS trusty | Not in release |
linux-lts-raring | 18.04 LTS bionic | Not in release |
linux-lts-raring | 16.04 LTS xenial | Not in release |
linux-lts-raring | 14.04 LTS trusty | Not in release |
linux-lts-saucy | 18.04 LTS bionic | Not in release |
linux-lts-saucy | 16.04 LTS xenial | Not in release |
linux-lts-saucy | 14.04 LTS trusty | Not in release |
linux-lts-trusty | 18.04 LTS bionic | Not in release |
linux-lts-trusty | 16.04 LTS xenial | Not in release |
linux-lts-trusty | 14.04 LTS trusty | Not in release |
linux-lts-utopic | 18.04 LTS bionic | Not in release |
linux-lts-utopic | 16.04 LTS xenial | Not in release |
linux-lts-utopic | 14.04 LTS trusty | Not in release |
linux-lts-vivid | 18.04 LTS bionic | Not in release |
linux-lts-vivid | 16.04 LTS xenial | Not in release |
linux-lts-vivid | 14.04 LTS trusty | Ignored |
linux-lts-wily | 18.04 LTS bionic | Not in release |
linux-lts-wily | 16.04 LTS xenial | Not in release |
linux-lts-wily | 14.04 LTS trusty | Not in release |
linux-lts-xenial | 18.04 LTS bionic | Not in release |
linux-lts-xenial | 16.04 LTS xenial | Not in release |
linux-lts-xenial | 14.04 LTS trusty | Fixed 4.4.0-111.134~14.04.1 |
linux-maguro | 18.04 LTS bionic | Not in release |
linux-maguro | 16.04 LTS xenial | Not in release |
linux-maguro | 14.04 LTS trusty | Not in release |
linux-mako | 18.04 LTS bionic | Not in release |
linux-mako | 16.04 LTS xenial | Ignored |
linux-mako | 14.04 LTS trusty | Not in release |
linux-manta | 18.04 LTS bionic | Not in release |
linux-manta | 16.04 LTS xenial | Not in release |
linux-manta | 14.04 LTS trusty | Not in release |
linux-oem | 18.04 LTS bionic | Not affected |
linux-oem | 16.04 LTS xenial | Fixed 4.13.0-1017.18 |
linux-oem | 14.04 LTS trusty | Not in release |
linux-qcm-msm | 18.04 LTS bionic | Not in release |
linux-qcm-msm | 16.04 LTS xenial | Not in release |
linux-qcm-msm | 14.04 LTS trusty | Not in release |
linux-raspi2 | 18.04 LTS bionic | Not affected |
linux-raspi2 | 16.04 LTS xenial | Fixed 4.4.0-1085.93 |
linux-raspi2 | 14.04 LTS trusty | Not in release |
linux-snapdragon | 18.04 LTS bionic | Not affected |
linux-snapdragon | 16.04 LTS xenial | Fixed 4.4.0-1087.92 |
linux-snapdragon | 14.04 LTS trusty | Not in release |
linux-ti-omap4 | 18.04 LTS bionic | Not in release |
linux-ti-omap4 | 16.04 LTS xenial | Not in release |
linux-ti-omap4 | 14.04 LTS trusty | Not in release |
nvidia-graphics-drivers-384 | 18.04 LTS bionic | Fixed 384.111-0ubuntu1 |
nvidia-graphics-drivers-384 | 16.04 LTS xenial | Fixed 384.111-0ubuntu0.16.04.1 |
nvidia-graphics-drivers-384 | 14.04 LTS trusty | Fixed 384.111-0ubuntu0.14.04.1 |
webkit2gtk | 18.04 LTS bionic | Not affected |
webkit2gtk | 16.04 LTS xenial | Fixed 2.18.5-0ubuntu0.16.04.1 |
webkit2gtk | 14.04 LTS trusty | Not in release |
Notes
tyhicks
Variant 1, aka "Spectre"
The break-fix lines for this CVE are not complete since a large number of patches are required to mitigate this issue. The commit(s) listed are chosen as placeholders for automated CVE triage purposes.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.6 · Medium |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Changed |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3530-1: WebKitGTK+ vulnerabilities (11 January 2018)
- USN-3580-1: Linux kernel vulnerabilities (22 February 2018)
- USN-3541-2: Linux kernel (HWE) vulnerabilities (23 January 2018)
- USN-3521-1: NVIDIA graphics drivers vulnerability (9 January 2018)
- USN-3540-1: Linux kernel vulnerabilities (23 January 2018)
- USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities (23 January 2018)
- USN-3549-1: Linux kernel (KVM) vulnerabilities (29 January 2018)
- USN-3597-2: Linux kernel (HWE) vulnerabilities (15 March 2018)
- USN-3516-1: Firefox vulnerabilities (5 January 2018)
- USN-3541-1: Linux kernel vulnerabilities (23 January 2018)
- USN-3597-1: Linux kernel vulnerabilities (15 March 2018)
- USN-3542-1: Linux kernel vulnerabilities (23 January 2018)
- USN-3542-2: Linux kernel (Trusty HWE) vulnerabilities (23 January 2018)
Other references
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
- https://spectreattack.com/
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- http://www.amd.com/en/corporate/speculative-execution
- https://developer.arm.com/support/security-update
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- https://webkitgtk.org/security/WSA-2018-0001.html
- https://www.cve.org/CVERecord?id=CVE-2017-5753