CVE-2018-3620
Publication date 14 August 2018
Last updated 24 July 2024
Ubuntu priority
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
From the Ubuntu Security Team
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes).
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | ||
| 18.04 LTS bionic |
Fixed 4.15.0-32.35
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-133.159
|
|
| 14.04 LTS trusty |
Fixed 3.13.0-155.205
|
|
| linux-aws | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1019.19
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-1065.75
|
|
| 14.04 LTS trusty |
Fixed 4.4.0-1027.30
|
|
| linux-aws-hwe | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-azure | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1021.21
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-1021.21~16.04.1
|
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-azure-edge | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1021.21
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-1021.21~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-euclid | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-flo | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1017.18
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-1017.18~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-gcp-edge | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-goldfish | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-grouper | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-32.35~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-hwe-edge | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-32.35~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-kvm | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1019.19
|
|
| 16.04 LTS xenial |
Fixed 4.4.0-1031.37
|
|
| 14.04 LTS trusty | Not in release | |
| linux-lts-trusty | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-utopic | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-vivid | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-wily | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-xenial | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Fixed 4.4.0-133.159~14.04.1
|
|
| linux-maguro | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-mako | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-manta | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem | ||
| 18.04 LTS bionic |
Fixed 4.15.0-1015.18
|
|
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-raspi2 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-snapdragon | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release |
Notes
tyhicks
The break-fix lines for this CVE are not complete since a large number of patches are required to mitigate this issue. The commit(s) listed are chosen as placeholders for automated CVE triage purposes.
Patch details
| Package | Patch details |
|---|---|
| linux |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.6 · Medium
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3742-1
- Linux kernel vulnerabilities
- 14 August 2018
- USN-3742-2
- Linux kernel (Trusty HWE) vulnerabilities
- 14 August 2018
- USN-3823-1
- Linux kernel vulnerabilities
- 15 November 2018
- USN-3741-2
- Linux kernel (Xenial HWE) vulnerabilities
- 14 August 2018
- USN-3741-1
- Linux kernel vulnerabilities
- 14 August 2018
- USN-3740-2
- Linux kernel (HWE) vulnerabilities
- 14 August 2018
- USN-3740-1
- Linux kernel vulnerabilities
- 14 August 2018