CVE-2020-8832

Published: 5 March 2020

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.

From the Ubuntu Security Team

Gregory Herrero discovered that the fix for CVE-2019-14615 to address the Linux kernel not properly clearing data structures on context switches for certain Intel graphics processors was incomplete. A local attacker could use this to expose sensitive information.

Notes

Author	Note
sbeattie	this issue is Ubuntu specific and only affects 4.15 kernels.

Priority

Cvss 3 Severity Score

5.5

Score breakdown

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-91.92)
	eoan	Not vulnerable
	trusty	Not vulnerable
	upstream	Not vulnerable
	xenial	Not vulnerable
linux-aws Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1063.67)
	eoan	Not vulnerable
	trusty	Ignored (was needs-triage ESM criteria)
	upstream	Needs triage
	xenial	Not vulnerable
linux-aws-5.0 Launchpad, Ubuntu, Debian	bionic	Ignored (end of life, was needs-triage)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
	eoan	Does not exist
linux-azure Launchpad, Ubuntu, Debian	xenial	Released (4.15.0-1075.80)
	upstream	Needs triage
	trusty	Released (4.15.0-1074.79~14.04.1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	bionic	Ignored (end of life, was needs-triage)
	eoan	Not vulnerable
linux-azure-5.3 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	eoan	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
linux-azure-edge Launchpad, Ubuntu, Debian	bionic	Ignored (end of life, was needs-triage)
	eoan	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (end of standard support, was needs-triage)
linux-gcp Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	eoan	Not vulnerable
	trusty	Does not exist
	upstream	Needs triage
	xenial	Released (4.15.0-1058.62)
linux-gcp-5.3 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	eoan	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Does not exist
linux-gcp-edge Launchpad, Ubuntu, Debian	bionic	Ignored (end of life, was needs-triage)
	eoan	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Does not exist
linux-gke-4.15 Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1055.58)
	eoan	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Does not exist
linux-gke-5.0 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	eoan	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Does not exist
linux-hwe Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	eoan	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Released (4.15.0-91.92~16.04.1)
linux-hwe-edge Launchpad, Ubuntu, Debian	bionic	Ignored (end of life, was needs-triage)
	eoan	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (end of life, was needs-triage)
linux-kvm Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1056.57)
	eoan	Not vulnerable
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable
linux-lts-trusty Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Does not exist
linux-lts-xenial Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Does not exist
	trusty	Not vulnerable
	upstream	Not vulnerable
	xenial	Does not exist
linux-oem Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1076.86)
	eoan	Released (4.15.0-1076.86)
	trusty	Does not exist
	upstream	Needs triage
	xenial	Ignored (end of standard support, was needs-triage)
linux-oem-5.4 Launchpad, Ubuntu, Debian	bionic	Does not exist
	eoan	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Does not exist
linux-oem-osp1 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	eoan	Not vulnerable
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist
linux-oracle Launchpad, Ubuntu, Debian	bionic	Released (4.15.0-1035.39)
	eoan	Not vulnerable
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Released (4.15.0-1035.38~16.04.1)
linux-oracle-5.0 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	eoan	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Does not exist
linux-raspi2 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (intel only)
	eoan	Not vulnerable
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Not vulnerable
linux-raspi2-5.3 Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	eoan	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Does not exist
linux-snapdragon Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	eoan	Does not exist
	trusty	Does not exist
	upstream	Not vulnerable
	xenial	Not vulnerable
linux-aws-hwe Launchpad, Ubuntu, Debian	upstream	Needs triage
	trusty	Does not exist
	xenial	Released (4.15.0-1063.67~16.04.1)
	bionic	Does not exist
	eoan	Does not exist
linux-gke-5.3 Launchpad, Ubuntu, Debian	upstream	Not vulnerable
	trusty	Does not exist
	xenial	Does not exist
	bionic	Not vulnerable
	eoan	Does not exist
linux-oracle-5.3 Launchpad, Ubuntu, Debian	upstream	Needs triage
	trusty	Does not exist
	xenial	Does not exist
	bionic	Not vulnerable
	eoan	Does not exist

Severity score breakdown

Parameter	Value
Base score	5.5
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

Bugs

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›