USN-4628-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-4628-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4628-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-4628-1

Related

CVE-2020-8695
CVE-2020-8696
CVE-2020-8698
UBUNTU-CVE-2020-8695
UBUNTU-CVE-2020-8696
UBUNTU-CVE-2020-8698

Published

2020-11-11T06:56:58.410406Z

Modified

2020-11-11T06:56:58.410406Z

Summary

intel-microcode vulnerabilities

Details

Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8695)

Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8696)

Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8698)

References

Affected packages

Ubuntu:Pro:14.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode@3.20201110.0ubuntu0.14.04.1?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20201110.0ubuntu0.14.04.1

Affected versions

1.*

1.20130906.1ubuntu2

1.20130906.1ubuntu3

2.*

2.20140122.1

2.20140430.1ubuntu1

2.20140624-t-1ubuntu2

3.*

3.20180108.0~ubuntu14.04.2

3.20180108.0+really20170707ubuntu14.04.1

3.20180312.0~ubuntu14.04.1

3.20180425.1~ubuntu0.14.04.1

3.20180425.1~ubuntu0.14.04.2

3.20180807a.0ubuntu0.14.04.1

3.20190514.0ubuntu0.14.04.1

3.20190514.0ubuntu0.14.04.2

3.20190618.0ubuntu0.14.04.1

3.20191112-0ubuntu0.14.04.2

3.20191115.1ubuntu0.14.04.1

3.20191115.1ubuntu0.14.04.2

3.20200609.0ubuntu0.14.04.0

3.20200609.0ubuntu0.14.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "intel-microcode": "3.20201110.0ubuntu0.14.04.1"
        }
    ]
}

Ubuntu:16.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode@3.20201110.0ubuntu0.16.04.1?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20201110.0ubuntu0.16.04.1

Affected versions

3.*

3.20150121.1

3.20151106.1

3.20170707.1~ubuntu16.04.0

3.20180108.0~ubuntu16.04.2

3.20180108.0+really20170707ubuntu16.04.1

3.20180312.0~ubuntu16.04.1

3.20180425.1~ubuntu0.16.04.1

3.20180425.1~ubuntu0.16.04.2

3.20180807a.0ubuntu0.16.04.1

3.20190514.0ubuntu0.16.04.1

3.20190514.0ubuntu0.16.04.2

3.20190618.0ubuntu0.16.04.1

3.20191112-0ubuntu0.16.04.2

3.20191115.1ubuntu0.16.04.1

3.20191115.1ubuntu0.16.04.2

3.20200609.0ubuntu0.16.04.0

3.20200609.0ubuntu0.16.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "intel-microcode": "3.20201110.0ubuntu0.16.04.1"
        }
    ]
}

Ubuntu:18.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode@3.20201110.0ubuntu0.18.04.1?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20201110.0ubuntu0.18.04.1

Affected versions

3.*

3.20170707.1

3.20171117.1

3.20180108.1

3.20180108.1+really20171117.1

3.20180312.0~ubuntu18.04.1

3.20180425.1~ubuntu0.18.04.1

3.20180425.1~ubuntu0.18.04.2

3.20180807a.0ubuntu0.18.04.1

3.20190514.0ubuntu0.18.04.2

3.20190514.0ubuntu0.18.04.3

3.20190618.0ubuntu0.18.04.1

3.20191112-0ubuntu0.18.04.2

3.20191115.1ubuntu0.18.04.1

3.20191115.1ubuntu0.18.04.2

3.20200609.0ubuntu0.18.04.0

3.20200609.0ubuntu0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "intel-microcode": "3.20201110.0ubuntu0.18.04.1"
        }
    ]
}

Ubuntu:20.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode@3.20201110.0ubuntu0.20.04.1?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20201110.0ubuntu0.20.04.1

Affected versions

3.*

3.20190918.1ubuntu1

3.20191115.1ubuntu1

3.20191115.1ubuntu2

3.20191115.1ubuntu3

3.20200609.0ubuntu0.20.04.0

3.20200609.0ubuntu0.20.04.1

3.20200609.0ubuntu0.20.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "intel-microcode": "3.20201110.0ubuntu0.20.04.1"
        }
    ]
}