USN-3531-2

Source
https://ubuntu.com/security/notices/USN-3531-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3531-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3531-2
Related
Published
2018-01-22T16:09:41.849114Z
Modified
2018-01-22T16:09:41.849114Z
Summary
intel-microcode regression
Details

USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous packaged microcode version, the 20170707 release.

Original advisory details:

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715)

This update provides the microcode updates required for the corresponding Linux kernel updates.

References

Affected packages

Ubuntu:14.04:LTS / intel-microcode

Package

Name
intel-microcode
Purl
pkg:deb/ubuntu/intel-microcode?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.20180108.0+really20170707ubuntu14.04.1

Affected versions

1.*

1.20130906.1ubuntu2
1.20130906.1ubuntu3

2.*

2.20140122.1
2.20140430.1ubuntu1
2.20140624-t-1ubuntu2

3.*

3.20180108.0~ubuntu14.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.20180108.0+really20170707ubuntu14.04.1",
            "binary_name": "intel-microcode"
        }
    ]
}

Ubuntu:16.04:LTS / intel-microcode

Package

Name
intel-microcode
Purl
pkg:deb/ubuntu/intel-microcode?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.20180108.0+really20170707ubuntu16.04.1

Affected versions

3.*

3.20150121.1
3.20151106.1
3.20170707.1~ubuntu16.04.0
3.20180108.0~ubuntu16.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.20180108.0+really20170707ubuntu16.04.1",
            "binary_name": "intel-microcode"
        }
    ]
}