Oh, this was fixed in https://usn.ubuntu.com/usn/usn-4657-1, https://usn.ubuntu.com/usn/usn-4658-1, https://usn.ubuntu.com/usn/usn-4659-1, and https://usn.ubuntu.com/usn/usn-4660-1 . Marking fix released.
Thanks. ** Information type changed from Private Security to Public Security ** Changed in: linux (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1899573 Title: CVE-2020-4788: Speculation on incompletely validated data on IBM Power9 Status in linux package in Ubuntu: Fix Released Bug description: Hi, IBM Power9 processors can speculatively operate on data in the L1 cache before it has been completely validated, via a way-prediction mechanism. It is not possible for an attacker to determine the contents of impermissible memory using this method, since these systems implement a combination of hardware and software security measures to prevent scenarios where protected data could be leaked. However these measures don't address the scenario where an attacker induces the operating system to speculatively execute instructions using data that the attacker controls. This can be used for example to speculatively bypass "kernel user access prevention" techniques, as discovered by Anthony Steinhauser of Google's Safeside Project. This is not an attack by itself, but there is a possibility it could be used in conjunction with side-channels or other weaknesses in the privileged code to construct an attack. This issue can be mitigated by flushing the L1 cache between privilege boundaries of concern. CVEID: CVE-2020-4788 Current description/CVSS info (subject to revision) --------------------------------------------------- Description: IBM Power9 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. CVSS Base Score: 2.9 CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/189296 for more information CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) Embargo details --------------- Please do not disclose any of this information prior to 20 November 2020, as that is the coordinated date for CVE details, AIX and IBM i fixes to be released. We will confirm the precise time of day shortly. Fix details ----------- In general, this issue is mitigated by flushing the L1D cache when entering the kernel and after any in-kernel userspace memory accesses. Please find attached patches against Focal, Bionic and Xenial. Let me know if you want backports to Groovy done at this stage. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1899573/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp