linux-lts-xenial, linux-aws vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 14.04 ESM
Summary
The system could be made to expose sensitive information.
Software Description
* linux-aws - Linux kernel for Amazon Web Services (AWS) systems
* linux-lts-xenial - Linux hardware enablement kernel from
Xenial for Trusty
Details
USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu
16.04 LTS. This update provides the corresponding updates for the
Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for
Ubuntu 14.04 ESM.
Paulo Bonzini discovered that the KVM hypervisor implementation in
the Linux kernel could improperly let a nested (level 2) guest
access the resources of a parent (level 1) guest in certain
situations. An attacker could use this to expose sensitive
information.
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 14.04 ESM
linux-image-4.4.0-1064-aws - 4.4.0-1064.68
linux-image-4.4.0-176-generic - 4.4.0-176.206~14.04.1
linux-image-4.4.0-176-generic-lpae - 4.4.0-176.206~14.04.1
linux-image-4.4.0-176-lowlatency - 4.4.0-176.206~14.04.1
linux-image-4.4.0-176-powerpc-e500mc -
4.4.0-176.206~14.04.1
linux-image-4.4.0-176-powerpc-smp - 4.4.0-176.206~14.04.1
linux-image-4.4.0-176-powerpc64-emb -
4.4.0-176.206~14.04.1
linux-image-4.4.0-176-powerpc64-smp -
4.4.0-176.206~14.04.1
linux-image-aws - 4.4.0.1064.65
linux-image-generic-lpae-lts-xenial - 4.4.0.176.155
linux-image-generic-lts-xenial - 4.4.0.176.155
linux-image-lowlatency-lts-xenial - 4.4.0.176.155
linux-image-powerpc-e500mc-lts-xenial - 4.4.0.176.155
linux-image-powerpc-smp-lts-xenial - 4.4.0.176.155
linux-image-powerpc64-emb-lts-xenial - 4.4.0.176.155
linux-image-powerpc64-smp-lts-xenial - 4.4.0.176.155
linux-image-virtual-lts-xenial - 4.4.0.176.155
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to
make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates
have been given a new version number, which requires you to
recompile and reinstall all third party kernel modules you might
have installed. Unless you manually uninstalled the standard
kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a
standard system upgrade will automatically perform this as well.
References
* USN-4303-1
* CVE-2020-2732
--- Mystic BBS v1.12 A45 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)