A Linux kernel security update has been released for Ubuntu Linux 14.04 ESM, 16.04 LTS, and 18.04 LTS.

USN-5319-1: Linux kernel vulnerabilities

=========================================================================
Ubuntu Security Notice USN-5319-1
March 09, 2022

linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15,
linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm,
ilinux-lts-xenial, linux-oracle, linux-raspi2, linux-snapdragon
vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-dell300x: Linux kernel for Dell 300x platforms
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano
Giuffrida discovered that hardware mitigations added by Intel to their
processors to address Spectre-BTI were insufficient. A local attacker could
potentially use this to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.15.0-1037-dell300x 4.15.0-1037.42
linux-image-4.15.0-1089-oracle 4.15.0-1089.98
linux-image-4.15.0-1105-raspi2 4.15.0-1105.112
linux-image-4.15.0-1109-kvm 4.15.0-1109.112
linux-image-4.15.0-1118-gcp 4.15.0-1118.132
linux-image-4.15.0-1122-snapdragon 4.15.0-1122.131
linux-image-4.15.0-1123-aws 4.15.0-1123.132
linux-image-4.15.0-1133-azure 4.15.0-1133.146
linux-image-4.15.0-171-generic 4.15.0-171.180
linux-image-4.15.0-171-generic-lpae 4.15.0-171.180
linux-image-4.15.0-171-lowlatency 4.15.0-171.180
linux-image-aws-lts-18.04 4.15.0.1123.126
linux-image-azure-lts-18.04 4.15.0.1133.106
linux-image-dell300x 4.15.0.1037.39
linux-image-gcp-lts-18.04 4.15.0.1118.137
linux-image-generic 4.15.0.171.160
linux-image-generic-lpae 4.15.0.171.160
linux-image-kvm 4.15.0.1109.105
linux-image-lowlatency 4.15.0.171.160
linux-image-oracle-lts-18.04 4.15.0.1089.99
linux-image-raspi2 4.15.0.1105.103
linux-image-snapdragon 4.15.0.1122.125
linux-image-virtual 4.15.0.171.160

Ubuntu 16.04 ESM:
linux-image-4.15.0-1089-oracle 4.15.0-1089.98~16.04.1
linux-image-4.15.0-1118-gcp 4.15.0-1118.132~16.04.1
linux-image-4.15.0-1123-aws-hwe 4.15.0-1123.132~16.04.1
linux-image-4.15.0-1133-azure 4.15.0-1133.146~16.04.1
linux-image-4.15.0-171-generic 4.15.0-171.180~16.04.1
linux-image-4.15.0-171-lowlatency 4.15.0-171.180~16.04.1
linux-image-4.4.0-1102-kvm 4.4.0-1102.111
linux-image-4.4.0-1137-aws 4.4.0-1137.151
linux-image-4.4.0-221-generic 4.4.0-221.254
linux-image-4.4.0-221-lowlatency 4.4.0-221.254
linux-image-aws 4.4.0.1137.142
linux-image-aws-hwe 4.15.0.1123.113
linux-image-azure 4.15.0.1133.124
linux-image-gcp 4.15.0.1118.119
linux-image-generic 4.4.0.221.228
linux-image-generic-hwe-16.04 4.15.0.171.163
linux-image-gke 4.15.0.1118.119
linux-image-kvm 4.4.0.1102.100
linux-image-lowlatency 4.4.0.221.228
linux-image-lowlatency-hwe-16.04 4.15.0.171.163
linux-image-oem 4.15.0.171.163
linux-image-oracle 4.15.0.1089.77
linux-image-virtual 4.4.0.221.228
linux-image-virtual-hwe-16.04 4.15.0.171.163

Ubuntu 14.04 ESM:
linux-image-4.15.0-1133-azure 4.15.0-1133.146~14.04.1
linux-image-4.4.0-1101-aws 4.4.0-1101.106
linux-image-4.4.0-221-generic 4.4.0-221.254~14.04.1
linux-image-4.4.0-221-lowlatency 4.4.0-221.254~14.04.1
linux-image-aws 4.4.0.1101.99
linux-image-azure 4.15.0.1133.106
linux-image-generic-lts-xenial 4.4.0.221.192
linux-image-lowlatency-lts-xenial 4.4.0.221.192
linux-image-virtual-lts-xenial 4.4.0.221.192

IMPORTANT: As part of this update, unprivileged eBPF is being
disabled by default, as it is the primary known means of exploiting
the Branch History Injection issues described above. It should be
noted that other mechanisms for exploiting the underlying issues may
be discovered. Also, this may cause issues for applications that
rely on the unprivileged eBPF functionality. Please see the knowledge
base article at   https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI
for more details.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5319-1
CVE-2022-0001, CVE-2022-0002,
  https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/BHI

Package Information:
  https://launchpad.net/ubuntu/+source/linux/4.15.0-171.180
  https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1123.132
  https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1133.146
  https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1037.42
  https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1118.132
  https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1109.112
  https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1089.98
  https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1105.112
  https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1122.131

--VXp0OVCGMVzaLk7H