[Kernel-packages] [Bug 1891812] Re: Missing Linux Kernel Mitigations

Mon, 17 Aug 2020 03:41:59 -0700 

** Package changed: ubuntu => linux-aws (Ubuntu)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1891812

Title:
  Missing Linux Kernel Mitigations

Status in linux-aws package in Ubuntu:
  New

Bug description:
  We need assistance in resolving OpenVAS security scan findings related
  to Spectre/Meltdown vulnerabilities across both Ubuntu
  16.04LTS/20.04LTS platforms on AWS. Both the systems were updated with
  the latest supported Kernel versions (4.4.0.1111-aws &
  5.4.0-1021-aws),  relevant Intel Microcode updates
  (3.20200609.0ubuntu0.20.04.2) and suggested mitigations on the Ubuntu
  Site. Please reference the findings below and suggest any mitigations
  that we may need to take to address them.

  The Linux Kernel on the remote host is missing one or more
  mitigation(s) for hardware vulnerabilities as reported by the sysfs
  interface:

  sysfs file (Related CVE(s))                                                   
                               | Kernel status
  
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  /sys/devices/system/cpu/vulnerabilities/itlb_multihit (CVE-2018-12207)        
                               | KVM: Vulnerable
  /sys/devices/system/cpu/vulnerabilities/mds (CVE-2018-12126, CVE-2018-12130, 
CVE-2018-12127, CVE-2019-11091) | Vulnerable: Clear CPU buffers attempted, no 
microcode; SMT Host state unknown
  /sys/devices/system/cpu/vulnerabilities/spec_store_bypass (CVE-2018-3639)     
                               | Vulnerable

  Notes on specific Kernel status output:
  - sysfs file missing: The sysfs interface is available but the sysfs file for 
this specific vulnerability is missing. This means the kernel doesn't know this 
vulnerability yet and is not providing any mitigation which means the target 
system is vulnerable.
  - Strings including "Mitigation:", "Not affected" or "Vulnerable" are 
reported directly by the Linux Kernel.
  - All other strings are responses to various SSH commands.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1891812/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to