Executive Summary

Summary
Title Linux kernel vulnerability
Informations
Name USN-4303-1 First vendor Publication 2020-03-17
Vendor Ubuntu Last vendor Modification 2020-03-17
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-kvm: Linux kernel for cloud environments

Details:

Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1068-kvm 4.4.0-1068.75
linux-image-4.4.0-1104-aws 4.4.0-1104.115
linux-image-4.4.0-176-generic 4.4.0-176.206
linux-image-4.4.0-176-generic-lpae 4.4.0-176.206
linux-image-4.4.0-176-lowlatency 4.4.0-176.206
linux-image-4.4.0-176-powerpc-e500mc 4.4.0-176.206
linux-image-4.4.0-176-powerpc-smp 4.4.0-176.206
linux-image-4.4.0-176-powerpc64-emb 4.4.0-176.206
linux-image-4.4.0-176-powerpc64-smp 4.4.0-176.206
linux-image-aws 4.4.0.1104.108
linux-image-generic 4.4.0.176.184
linux-image-generic-lpae 4.4.0.176.184
linux-image-kvm 4.4.0.1068.68
linux-image-lowlatency 4.4.0.176.184
linux-image-powerpc-e500mc 4.4.0.176.184
linux-image-powerpc-smp 4.4.0.176.184
linux-image-powerpc64-emb 4.4.0.176.184
linux-image-powerpc64-smp 4.4.0.176.184
linux-image-virtual 4.4.0.176.184

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
https://usn.ubuntu.com/4303-1
CVE-2020-2732

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-176.206
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1104.115
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1068.75

Original Source

Url : http://www.ubuntu.com/usn/USN-4303-1

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2020-03-17 05:19:02
  • First insertion