USN-5319-1

Advisory lineage Upstream: 4 Downstream: 0
Published: 09 Mar 2022, 02:02
Last modified:03 Jun 2026, 13:34

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

09 Mar 2022, 02:02
Published
Vulnerability first disclosed
03 Jun 2026, 13:34
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, ilinux-lts-xenial, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information.

Affected Systems

  • ubuntulinux

    < 4.4.0-221.254 | < 4.15.0-171.180

  • ubuntulinux-aws

    < 4.4.0-1101.106 | < 4.4.0-1137.151 | < 4.15.0-1123.132

  • ubuntulinux-aws-hwe

    < 4.15.0-1123.132~16.04.1

  • ubuntulinux-azure

    < 4.15.0-1133.146~14.04.1 | < 4.15.0-1133.146~16.04.1

  • ubuntulinux-azure-4.15

    < 4.15.0-1133.146

  • ubuntulinux-dell300x

    < 4.15.0-1037.42

  • ubuntulinux-gcp

    < 4.15.0-1118.132~16.04.1

  • ubuntulinux-gcp-4.15

    < 4.15.0-1118.132

  • ubuntulinux-hwe

    < 4.15.0-171.180~16.04.1

  • ubuntulinux-kvm

    < 4.4.0-1102.111 | < 4.15.0-1109.112

  • ubuntulinux-lts-xenial

    < 4.4.0-221.254~14.04.1

  • ubuntulinux-oracle

    < 4.15.0-1089.98~16.04.1 | < 4.15.0-1089.98

  • ubuntulinux-raspi2

    < 4.15.0-1105.112

  • ubuntulinux-snapdragon

    < 4.15.0-1122.131

References (3)