THIS IS A WIP AND SHOULD NOT BE TAKEN AS A SOC

PLEASE SEE SecurityTeam/KnowledgeBase - Ubuntu Wiki FOR ACCURATE SECURITY VULNERABILITIES

This topic exists for the sole purpose of providing guidance on using the Security Vulnerabilities category and to host the metadata table below.

It is crucial that when you post a new topic of a new vulnerability that you update the table below. This allows us to render to the data properly at https://ubunut.com/security/vulnerabilities

Vulnerabilities

[details=vulnerabilities]

Name Description Status Published Display until ID
Native BHI Luci Test Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida from the Vrije Universiteit Amsterdam discovered that some Intel® Processors can be manipulated by unprivileged user processes such that indirect calls in kernel space speculatively execute ‘gadgets’ that will disclose private information. Vulnerable 09/04/2024 04/05/2026 53198
GDS_Downfall Daniel Moghimi discovered that some Intel® Processors were vulnerable to information exposure through microarchitectural state after transient execution in certain vector execution units. Fixed 08/08/2023 15/02/2025 54183
Retbleed Johannes Wikner and Kaveh Razavi of ETH Zürich discovered multiple issues with speculative branch prediction of return calls. Vulnerable 12/07/2022 02/03/2024 54185
Dirty Pipe It was discovered that readable files could be overwritten at the page cache level unintentionally or by a malicious actor. That includes files that the process did not have write access to, were immutable or were on read-only filesystems. In progress 28/02/2022 02/03/2024 54186
BHI It was discovered that certain processor internals can be manipulated by unprivileged user processes such that indirect calls in kernel space speculatively execute ‘gadgets’ that will disclose private information. TBD 08/03/2022 02/03/2023 54774
Log4Shell It was discovered that Apache Log4j2 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. Fixed 09/12/2021 02/03/1001 54773