CVE-2020-8832
Published: 5 March 2020
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.
From the Ubuntu Security Team
Gregory Herrero discovered that the fix for CVE-2019-14615 to address the Linux kernel not properly clearing data structures on context switches for certain Intel graphics processors was incomplete. A local attacker could use this to expose sensitive information.
Notes
Author | Note |
---|---|
sbeattie | this issue is Ubuntu specific and only affects 4.15 kernels. |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-91.92)
|
eoan |
Not vulnerable
|
|
trusty |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1063.67)
|
eoan |
Not vulnerable
|
|
trusty |
Ignored
(was needs-triage ESM criteria)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
eoan |
Does not exist
|
|
linux-azure Launchpad, Ubuntu, Debian |
xenial |
Released
(4.15.0-1075.80)
|
upstream |
Needs triage
|
|
trusty |
Released
(4.15.0-1074.79~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
bionic |
Ignored
(end of life, was needs-triage)
|
|
eoan |
Not vulnerable
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
eoan |
Not vulnerable
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Released
(4.15.0-1058.62)
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1055.58)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Released
(4.15.0-91.92~16.04.1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
(end of life, was needs-triage)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1056.57)
|
eoan |
Not vulnerable
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
trusty |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1076.86)
|
eoan |
Released
(4.15.0-1076.86)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oem-5.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
eoan |
Not vulnerable
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1035.39)
|
eoan |
Not vulnerable
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Released
(4.15.0-1035.38~16.04.1)
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(intel only)
|
eoan |
Not vulnerable
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
trusty |
Does not exist
|
|
xenial |
Released
(4.15.0-1063.67~16.04.1)
|
|
bionic |
Does not exist
|
|
eoan |
Does not exist
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Not vulnerable
|
|
eoan |
Does not exist
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
bionic |
Not vulnerable
|
|
eoan |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |