========================================================================== Ubuntu Security Notice USN-5319-1 March 09, 2022 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, ilinux-lts-xenial, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1037-dell300x 4.15.0-1037.42 linux-image-4.15.0-1089-oracle 4.15.0-1089.98 linux-image-4.15.0-1105-raspi2 4.15.0-1105.112 linux-image-4.15.0-1109-kvm 4.15.0-1109.112 linux-image-4.15.0-1118-gcp 4.15.0-1118.132 linux-image-4.15.0-1122-snapdragon 4.15.0-1122.131 linux-image-4.15.0-1123-aws 4.15.0-1123.132 linux-image-4.15.0-1133-azure 4.15.0-1133.146 linux-image-4.15.0-171-generic 4.15.0-171.180 linux-image-4.15.0-171-generic-lpae 4.15.0-171.180 linux-image-4.15.0-171-lowlatency 4.15.0-171.180 linux-image-aws-lts-18.04 4.15.0.1123.126 linux-image-azure-lts-18.04 4.15.0.1133.106 linux-image-dell300x 4.15.0.1037.39 linux-image-gcp-lts-18.04 4.15.0.1118.137 linux-image-generic 4.15.0.171.160 linux-image-generic-lpae 4.15.0.171.160 linux-image-kvm 4.15.0.1109.105 linux-image-lowlatency 4.15.0.171.160 linux-image-oracle-lts-18.04 4.15.0.1089.99 linux-image-raspi2 4.15.0.1105.103 linux-image-snapdragon 4.15.0.1122.125 linux-image-virtual 4.15.0.171.160 Ubuntu 16.04 ESM: linux-image-4.15.0-1089-oracle 4.15.0-1089.98~16.04.1 linux-image-4.15.0-1118-gcp 4.15.0-1118.132~16.04.1 linux-image-4.15.0-1123-aws-hwe 4.15.0-1123.132~16.04.1 linux-image-4.15.0-1133-azure 4.15.0-1133.146~16.04.1 linux-image-4.15.0-171-generic 4.15.0-171.180~16.04.1 linux-image-4.15.0-171-lowlatency 4.15.0-171.180~16.04.1 linux-image-4.4.0-1102-kvm 4.4.0-1102.111 linux-image-4.4.0-1137-aws 4.4.0-1137.151 linux-image-4.4.0-221-generic 4.4.0-221.254 linux-image-4.4.0-221-lowlatency 4.4.0-221.254 linux-image-aws 4.4.0.1137.142 linux-image-aws-hwe 4.15.0.1123.113 linux-image-azure 4.15.0.1133.124 linux-image-gcp 4.15.0.1118.119 linux-image-generic 4.4.0.221.228 linux-image-generic-hwe-16.04 4.15.0.171.163 linux-image-gke 4.15.0.1118.119 linux-image-kvm 4.4.0.1102.100 linux-image-lowlatency 4.4.0.221.228 linux-image-lowlatency-hwe-16.04 4.15.0.171.163 linux-image-oem 4.15.0.171.163 linux-image-oracle 4.15.0.1089.77 linux-image-virtual 4.4.0.221.228 linux-image-virtual-hwe-16.04 4.15.0.171.163 Ubuntu 14.04 ESM: linux-image-4.15.0-1133-azure 4.15.0-1133.146~14.04.1 linux-image-4.4.0-1101-aws 4.4.0-1101.106 linux-image-4.4.0-221-generic 4.4.0-221.254~14.04.1 linux-image-4.4.0-221-lowlatency 4.4.0-221.254~14.04.1 linux-image-aws 4.4.0.1101.99 linux-image-azure 4.15.0.1133.106 linux-image-generic-lts-xenial 4.4.0.221.192 linux-image-lowlatency-lts-xenial 4.4.0.221.192 linux-image-virtual-lts-xenial 4.4.0.221.192 IMPORTANT: As part of this update, unprivileged eBPF is being disabled by default, as it is the primary known means of exploiting the Branch History Injection issues described above. It should be noted that other mechanisms for exploiting the underlying issues may be discovered. Also, this may cause issues for applications that rely on the unprivileged eBPF functionality. Please see the knowledge base article at https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI for more details. After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5319-1 CVE-2022-0001, CVE-2022-0002, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-171.180 https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1123.132 https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1133.146 https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1037.42 https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1118.132 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1109.112 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1089.98 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1105.112 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1122.131