USN-4628-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-4628-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4628-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-4628-1

Related

Published

2020-11-11T06:56:58.410406Z

Modified

2020-11-11T06:56:58.410406Z

Summary

intel-microcode vulnerabilities

Details

Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) feature of some Intel processors allowed a side- channel attack based on power consumption measurements. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8695)

Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly remove sensitive information before storage or transfer in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8696)

Ezra Caltum, Joseph Nuzman, Nir Shildan and Ofir Joseff discovered that some Intel(R) Processors did not properly isolate shared resources in some situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-8698)

References

Affected packages

Ubuntu:Pro:14.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20201110.0ubuntu0.14.04.1

Affected versions

1.*

1.20130906.1ubuntu2

1.20130906.1ubuntu3

2.*

2.20140122.1

2.20140430.1ubuntu1

2.20140624-t-1ubuntu2

3.*

3.20180108.0~ubuntu14.04.2

3.20180108.0+really20170707ubuntu14.04.1

3.20180312.0~ubuntu14.04.1

3.20180425.1~ubuntu0.14.04.1

3.20180425.1~ubuntu0.14.04.2

3.20180807a.0ubuntu0.14.04.1

3.20190514.0ubuntu0.14.04.1

3.20190514.0ubuntu0.14.04.2

3.20190618.0ubuntu0.14.04.1

3.20191112-0ubuntu0.14.04.2

3.20191115.1ubuntu0.14.04.1

3.20191115.1ubuntu0.14.04.2

3.20200609.0ubuntu0.14.04.0

3.20200609.0ubuntu0.14.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.20201110.0ubuntu0.14.04.1",
            "binary_name": "intel-microcode"
        }
    ]
}

Ubuntu:16.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20201110.0ubuntu0.16.04.1

Affected versions

3.*

3.20150121.1

3.20151106.1

3.20170707.1~ubuntu16.04.0

3.20180108.0~ubuntu16.04.2

3.20180108.0+really20170707ubuntu16.04.1

3.20180312.0~ubuntu16.04.1

3.20180425.1~ubuntu0.16.04.1

3.20180425.1~ubuntu0.16.04.2

3.20180807a.0ubuntu0.16.04.1

3.20190514.0ubuntu0.16.04.1

3.20190514.0ubuntu0.16.04.2

3.20190618.0ubuntu0.16.04.1

3.20191112-0ubuntu0.16.04.2

3.20191115.1ubuntu0.16.04.1

3.20191115.1ubuntu0.16.04.2

3.20200609.0ubuntu0.16.04.0

3.20200609.0ubuntu0.16.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.20201110.0ubuntu0.16.04.1",
            "binary_name": "intel-microcode"
        }
    ]
}

Ubuntu:18.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20201110.0ubuntu0.18.04.1

Affected versions

3.*

3.20170707.1

3.20171117.1

3.20180108.1

3.20180108.1+really20171117.1

3.20180312.0~ubuntu18.04.1

3.20180425.1~ubuntu0.18.04.1

3.20180425.1~ubuntu0.18.04.2

3.20180807a.0ubuntu0.18.04.1

3.20190514.0ubuntu0.18.04.2

3.20190514.0ubuntu0.18.04.3

3.20190618.0ubuntu0.18.04.1

3.20191112-0ubuntu0.18.04.2

3.20191115.1ubuntu0.18.04.1

3.20191115.1ubuntu0.18.04.2

3.20200609.0ubuntu0.18.04.0

3.20200609.0ubuntu0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.20201110.0ubuntu0.18.04.1",
            "binary_name": "intel-microcode"
        }
    ]
}

Ubuntu:20.04:LTS / intel-microcode

Package

Name: intel-microcode
Purl: pkg:deb/ubuntu/intel-microcode?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20201110.0ubuntu0.20.04.1

Affected versions

3.*

3.20190918.1ubuntu1

3.20191115.1ubuntu1

3.20191115.1ubuntu2

3.20191115.1ubuntu3

3.20200609.0ubuntu0.20.04.0

3.20200609.0ubuntu0.20.04.1

3.20200609.0ubuntu0.20.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.20201110.0ubuntu0.20.04.1",
            "binary_name": "intel-microcode"
        }
    ]
}