PLEASE SEE SecurityTeam/KnowledgeBase - Ubuntu Wiki FOR ACCURATE SECURITY VULNERABILITIES
This topic exists for the sole purpose of providing guidance on using the Security Vulnerabilities category and to host the metadata table below.
It is crucial that when you post a new topic of a new vulnerability that you update the table below. This allows us to render to the data properly at https://ubunut.com/security/vulnerabilities
Vulnerabilities
[details=vulnerabilities]
Name | Description | Status | Published | Display until | ID |
---|---|---|---|---|---|
Native BHI | Luci Test Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida from the Vrije Universiteit Amsterdam discovered that some Intel® Processors can be manipulated by unprivileged user processes such that indirect calls in kernel space speculatively execute ‘gadgets’ that will disclose private information. | Vulnerable | 09/04/2024 | 04/05/2026 | 53198 |
GDS_Downfall | Daniel Moghimi discovered that some Intel® Processors were vulnerable to information exposure through microarchitectural state after transient execution in certain vector execution units. | Fixed | 08/08/2023 | 15/02/2025 | 54183 |
Retbleed | Johannes Wikner and Kaveh Razavi of ETH Zürich discovered multiple issues with speculative branch prediction of return calls. | Vulnerable | 12/07/2022 | 02/03/2024 | 54185 |
Dirty Pipe | It was discovered that readable files could be overwritten at the page cache level unintentionally or by a malicious actor. That includes files that the process did not have write access to, were immutable or were on read-only filesystems. | In progress | 28/02/2022 | 02/03/2024 | 54186 |
BHI | It was discovered that certain processor internals can be manipulated by unprivileged user processes such that indirect calls in kernel space speculatively execute ‘gadgets’ that will disclose private information. | TBD | 08/03/2022 | 02/03/2023 | 54774 |
Log4Shell | It was discovered that Apache Log4j2 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. | Fixed | 09/12/2021 | 02/03/1001 | 54773 |