Oh, this was fixed in https://usn.ubuntu.com/usn/usn-4657-1,
https://usn.ubuntu.com/usn/usn-4658-1,
https://usn.ubuntu.com/usn/usn-4659-1, and
https://usn.ubuntu.com/usn/usn-4660-1 . Marking fix released.
Thanks.
** Information type changed from Private Security to Public Security
** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1899573
Title:
CVE-2020-4788: Speculation on incompletely validated data on IBM
Power9
Status in linux package in Ubuntu:
Fix Released
Bug description:
Hi,
IBM Power9 processors can speculatively operate on data in the L1
cache before it has been completely validated, via a way-prediction
mechanism. It is not possible for an attacker to determine the
contents of impermissible memory using this method, since these
systems implement a combination of hardware and software security
measures to prevent scenarios where protected data could be leaked.
However these measures don't address the scenario where an attacker
induces the operating system to speculatively execute instructions
using data that the attacker controls. This can be used for example to
speculatively bypass "kernel user access prevention" techniques, as
discovered by Anthony Steinhauser of Google's Safeside Project. This
is not an attack by itself, but there is a possibility it could be
used in conjunction with side-channels or other weaknesses in the
privileged code to construct an attack.
This issue can be mitigated by flushing the L1 cache between privilege
boundaries of concern.
CVEID: CVE-2020-4788
Current description/CVSS info (subject to revision)
---------------------------------------------------
Description: IBM Power9 processors could allow a local user to obtain
sensitive information from the data in the L1 cache under extenuating
circumstances.
CVSS Base Score: 2.9
CVSS Temporal Score:
https://exchange.xforce.ibmcloud.com/vulnerabilities/189296 for more information
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Embargo details
---------------
Please do not disclose any of this information prior to 20 November
2020, as that is the coordinated date for CVE details, AIX and IBM i
fixes to be released. We will confirm the precise time of day shortly.
Fix details
-----------
In general, this issue is mitigated by flushing the L1D cache when
entering the kernel and after any in-kernel userspace memory accesses.
Please find attached patches against Focal, Bionic and Xenial. Let me
know if you want backports to Groovy done at this stage.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1899573/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
