[Bug 1891812] [NEW] Missing Linux Kernel Mitigations

Sun, 16 Aug 2020 10:46:23 -0700 

Public bug reported:

We need assistance in resolving OpenVAS security scan findings related
to Spectre/Meltdown vulnerabilities across both Ubuntu 16.04LTS/20.04LTS
platforms on AWS. Both the systems were updated with the latest
supported Kernel versions (4.4.0.1111-aws & 5.4.0-1021-aws),  relevant
Intel Microcode updates (3.20200609.0ubuntu0.20.04.2) and suggested
mitigations on the Ubuntu Site. Please reference the findings below and
suggest any mitigations that we may need to take to address them.

The Linux Kernel on the remote host is missing one or more mitigation(s)
for hardware vulnerabilities as reported by the sysfs interface:

sysfs file (Related CVE(s))                                                     
                             | Kernel status
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
/sys/devices/system/cpu/vulnerabilities/itlb_multihit (CVE-2018-12207)          
                             | KVM: Vulnerable
/sys/devices/system/cpu/vulnerabilities/mds (CVE-2018-12126, CVE-2018-12130, 
CVE-2018-12127, CVE-2019-11091) | Vulnerable: Clear CPU buffers attempted, no 
microcode; SMT Host state unknown
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass (CVE-2018-3639)       
                             | Vulnerable

Notes on specific Kernel status output:
- sysfs file missing: The sysfs interface is available but the sysfs file for 
this specific vulnerability is missing. This means the kernel doesn't know this 
vulnerability yet and is not providing any mitigation which means the target 
system is vulnerable.
- Strings including "Mitigation:", "Not affected" or "Vulnerable" are reported 
directly by the Linux Kernel.
- All other strings are responses to various SSH commands.

** Affects: ubuntu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891812

Title:
  Missing Linux Kernel Mitigations

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/1891812/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to