This topic exists for the sole purpose of providing guidance on using the Security Vulnerabilities category and to host the metadata table below.
It is crucial that when you post a new topic about a new vulnerability you also add a row to the table below. This is what allows the data to be rendered properly at Vulnerability Knowledge Base | Ubuntu. Keep each row on a single line, list the CVE identifiers in the Name cell, and write dates as DD/MM/YYYY, as the existing rows do.
Vulnerabilities
[details=vulnerabilities]
Name | Description | Status | Published | Display until | ID |
---|---|---|---|---|---|
Native BHI (Branch History Injection 2) (CVE-2024-2201) | A new variant of the previously-disclosed BHI (Branch History Injection, a Spectre v2 variant) vulnerability was discovered to affect certain Intel CPUs. The new research shows that attacks are possible using vectors other than eBPF, leading to information disclosure. | Fixed | 24/04/2024 | 01/01/2024 | 53198 |
Gather Data Sampling (GDS) Downfall (CVE-2022-40982) | It was discovered that some Intel processors were vulnerable to information exposure in certain vector (AVX) operations. | Fixed | 24/08/2023 | 01/01/2023 | 54183 |
Retbleed and related return predictor microarchitectural flaws (CVE-2022-29901, CVE-2022-28693, CVE-2022-23816, CVE-2022-23825) | Multiple issues were discovered in AMD and Intel CPUs that allow information disclosure despite the existing mitigations for the Spectre Variant 2 vulnerability. | Fixed | 12/07/2022 | 01/01/2022 | 54185 |
Dirty Pipe – page cache overwrite with pipes flaw in the Linux Kernel (CVE-2022-0847) | It was discovered that the page cache contents of any readable file could be overwritten, unintentionally or by a malicious actor. That includes files the process had no write access to, files that were immutable, and files on read-only filesystems. | Fixed | 10/03/2022 | 01/01/2022 | 54186 |
Branch History Injection Microarchitectural flaws (CVE-2022-0001, CVE-2022-0002, CVE-2022-23960) | It was discovered that the CPU's branch history can be abused by an unprivileged process, leading to information disclosure. | Fixed | 08/03/2022 | 01/01/2022 | 54774 |
Log4Shell – Apache Log4j 2 remote code execution (CVE-2021-44228) | A zero-day vulnerability was discovered in Apache Log4j 2, a Java logging framework, that allows arbitrary code execution when attacker-controlled input is logged and triggers a JNDI lookup against an attacker-controlled LDAP or other JNDI endpoint. | Fixed | 09/12/2021 | 02/03/1001 | 54773 |
GRUB2 Secure Boot Bypass (CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, CVE-2021-3418) | Several vulnerabilities have been identified in GRUB2 that allow UEFI Secure Boot protections to be bypassed by a local attacker with administrative privileges (root) or physical access. These are different from the previously disclosed BootHole set of vulnerabilities. | Fixed | 02/03/2021 | 01/01/2021 | 55893 |
Platypus – Intel power side-channels (CVE-2020-8694, CVE-2020-8695) | Several vulnerabilities have been identified in the Linux kernel's exposure of Intel power (RAPL) interfaces that allow information to be disclosed to non-privileged processes through power side-channel attacks. | Fixed | 10/11/2020 | 01/01/2020 | 55889 |
BootHole – GRUB2 Secure Boot Bypass (CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707) | Several vulnerabilities have been identified in GRUB2 that allow UEFI Secure Boot protections to be bypassed by a local attacker with administrative privileges (root) or physical access. | Fixed | 29/07/2020 | 01/01/2020 | 55890 |
Crosstalk – Special Register Buffer Data Sampling (SRBDS) hardware vulnerability in Intel CPUs (CVE-2020-0543) | A vulnerability was discovered affecting selected Intel CPUs that could allow a local attacker to expose the memory of processes running on the same CPU as the malicious code. | Fixed | 09/06/2020 | 01/01/2020 | 55892 |
TSX Asynchronous Abort (TAA) (CVE-2019-11135), Intel® Processor Machine Check Error (MCEPSC) (CVE-2018-12207), and i915 graphics (CVE-2019-0155, CVE-2019-0154) vulnerabilities | Several vulnerabilities have been identified in Intel CPUs and integrated (i915) graphics that allow a local attacker to expose memory across security boundaries (similar to MDS), cause a denial of service, or escalate privileges. | Fixed | 12/11/2019 | 01/01/2019 | 55886 |
HTTP/2 Denial of Service vulnerabilities | Several vulnerabilities were discovered in multiple implementations of the HTTP/2 transport protocol that allow a remote attacker to mount Denial of Service attacks. | Fixed | 13/08/2019 | 01/01/2019 | 55884 |
Kubernetes API server vulnerability (CVE-2019-11247) | A Kubernetes vulnerability has been identified where the API server mistakenly allows access to a cluster-scoped custom resource when the requesting user has only been granted access to namespaced resources. | Fixed | 05/08/2019 | 01/01/2019 | 55882 |
SACK Panic and other TCP Denial of Service issues (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479) | Several vulnerabilities were discovered in the Linux kernel’s implementation of TCP that allow a remote attacker to cause a Denial of Service attack. | Fixed | 17/06/2019 | 01/01/2019 | 55881 |
Microarchitectural Data Sampling (MDS) (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) | A vulnerability was discovered in Intel CPUs that allows a local attacker to access data belonging to another process or data that originated from a different security context. As a result, unintended memory exposure can occur between userspace processes, between the kernel and userspace, between virtual machines, or between a virtual machine and the host environment. | Fixed | 14/05/2019 | 01/01/2019 | 55880 |
Snap Socket Parsing (CVE-2019-7304) | A vulnerability was discovered in snapd that allows a local attacker to escalate privileges. | Fixed | 12/02/2019 | 01/01/2019 | 55879 |
runC / docker.io privileged container escape (CVE-2019-5736) | It was discovered that a vulnerability affecting the runC container runtime can allow an attacker to gain root privileges on the host from inside a privileged container. | Fixed | 11/02/2019 | 01/01/2019 | 55877 |
L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) | A vulnerability was discovered that allows a local attacker to extract memory associated with other processes from the L1 cache. | Fixed | 14/08/2018 | 01/01/2018 | 55875 |
NetSpectre | A side channel attack was discovered against applications previously assumed to be immune to the Spectre vulnerability that can be used to read the contents of memory across a network. | Guidance available | 27/07/2018 | 01/01/2018 | 55874 |
Bounds Check Bypass Store (BCBS) – Spectre 1.1, Spectre 1.2 (CVE-2018-3693) | It was discovered that systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side channel analysis. This vulnerability is similar to Spectre (CVE-2017-5753). | Guidance available | 10/07/2018 | 01/01/2018 | 55871 |
Lazy FP Save/Restore (CVE-2018-3665) | A side channel attack was discovered that leaks certain floating point (FPU) register values between processes. | Fixed | 13/06/2018 | 01/01/2018 | 55869 |
GPZ Variant 4 of Side Channel issues, Speculative Store Bypass (CVE-2018-3639) | A variant of a cache speculation timing side channel attack was discovered, similar to the issues previously disclosed under the names Spectre and Meltdown. | Fixed | 21/05/2018 | 01/01/2018 | 55867 |
Mov/Pop SS vulnerabilities (CVE-2018-8897, CVE-2018-1087) | A vulnerability was discovered in the Linux kernel that could be exploited by a local attacker to cause a denial of service (system crash). This issue only affected the amd64 architecture. | Fixed | 08/05/2018 | 01/01/2018 | 55866 |
Spectre and Meltdown vulnerabilities (CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715) | Security researchers announced a new class of side channel attacks that impact most processors, including processors from Intel, AMD, ARM and IBM. The attack allows malicious userspace processes to read kernel memory and malicious code in guests to read hypervisor memory. | Fixed | 04/01/2018 | 01/01/2017 | 55864 |
BlueBorne – Bluetooth vulnerabilities (CVE-2017-1000250, CVE-2017-1000251) | Two issues were discovered affecting the Bluetooth subsystem: an information disclosure in the BlueZ daemon and a kernel stack-based buffer overflow that can cause denial of service through a system crash, both of which a physically proximate unauthenticated attacker could exploit. | Fixed | 12/09/2017 | 01/01/2017 | 55865 |
httpoxy – CGI application vulnerability | It was discovered that certain CGI environments had a vulnerability related to the processing of the Proxy header. | Fixed | 18/07/2016 | 01/01/2016 | 55849 |
OpenSSH Client Roaming (CVE-2016-0777, CVE-2016-0778) | Two vulnerabilities were discovered in the OpenSSH client that could be exploited by a malicious SSH server to disclose private data (including private keys) or overwrite certain areas of the client’s memory. | Fixed | 14/01/2016 | 01/01/2016 | 55848 |
Stagefright (CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829) | The Android stagefright vulnerability allows a remote attacker to send a crafted MMS message to a victim’s phone to steal data, access hardware and install malware. Ubuntu Touch does not expose the affected functionality of these libraries in a way that can be leveraged by an attacker. | Not affected | 29/07/2015 | 01/01/2015 | 55924 |
LogJam (CVE-2015-4000) | Cryptanalysis has shown that the use of shared parameters and short key sizes makes the Diffie-Hellman key exchange susceptible to compromise. | Fixed | 21/05/2015 | 01/01/2015 | 55844 |
VENOM (CVE-2015-3456) | It was discovered that a buffer overflow existed in the virtual floppy disk controller of QEMU. An attacker could use this issue to cause QEMU to crash or execute arbitrary code in the host’s QEMU process. | Fixed | 13/05/2015 | 01/01/2015 | 55846 |
GHOST (CVE-2015-0235) | It was discovered that a buffer overflow existed in the GNU C Library's gethostbyname functions. An attacker could use this issue to execute arbitrary code or cause an application crash, resulting in a denial of service. | Fixed | 27/01/2015 | 27/02/2015 | 55847 |
[/details]
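Because the rows above are hand-edited, it is easy to drop a cell, wrap a row onto two lines, use a status nobody else uses, or mistype a year. The script below is an added example for this topic, not the code that renders the Knowledge Base and not Ubuntu's own tooling. It parses rows written in this table's format and reports those problems before you post. The column layout and the status values (Fixed, Guidance available, Not affected) are assumed from the table above, and the sample rows embedded in it are constructed for illustration.

```python
"""Sanity-check rows of the vulnerability metadata table before posting them.

Added example for this page; it is not the code that renders the Knowledge Base.
The column layout and the set of status values are assumed from the table above.
"""
import re
from datetime import date

COLUMNS = ["name", "description", "status", "published", "display_until", "id"]
STATUSES = {"Fixed", "Guidance available", "Not affected"}  # assumed from existing rows
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
DATE_RE = re.compile(r"^\d{2}/\d{2}/\d{4}$")

# Constructed sample in the table's own format (illustrative rows, not the page's data):
# row A is well-formed, row B has a bad status and a mistyped year,
# row C was split across two lines by the editor, as happens when a post is edited.
SAMPLE_TABLE = """Name | Description | Status | Published | Display until | ID |
---|---|---|---|---|---|
Example flaw A (CVE-2023-0001) | Well-formed row. | Fixed | 24/08/2023 | 01/01/2024 | 60001 |
Example flaw B (CVE-2021-0002, CVE-2021-0003) | Bad status and year. | Patched | 09/12/2021 | 02/03/1001 | 60002 |
Example flaw C | Row split by the editor. |
Fixed | 18/07/2016 | 01/01/2017 | 60003 |
"""


def split_cells(line):
    """Split one markdown table line into stripped cells, ignoring the outer pipes."""
    return [c.strip() for c in line.strip().strip("|").split("|")]


def parse_table(text):
    """Return the data rows as dicts keyed by COLUMNS.

    A line with fewer than six cells is treated as the first part of a row that
    was wrapped onto the next line, and the fragments are joined back together.
    """
    rows, pending = [], []
    for raw in text.splitlines():
        body = raw.replace("|", "").strip()
        if not body or set(body) <= {"-", ":"}:  # blank line or the ---|--- separator
            continue
        pending += split_cells(raw)
        if len(pending) >= len(COLUMNS):
            rows.append(dict(zip(COLUMNS, pending[: len(COLUMNS)])))
            pending = []
    if pending:  # a dangling fragment is kept so validate_row can report it
        rows.append(dict(zip(COLUMNS, pending)))
    return [r for r in rows if r.get("name") != "Name"]  # drop the header row


def parse_date(value):
    """Table dates are DD/MM/YYYY; anything else raises ValueError."""
    if not DATE_RE.match(value):
        raise ValueError(f"not DD/MM/YYYY: {value!r}")
    day, month, year = (int(p) for p in value.split("/"))
    return date(year, month, day)


def cves(row):
    """CVE identifiers listed in the row's Name cell."""
    return CVE_RE.findall(row["name"])


def validate_row(row):
    """Return a list of problems with one row (empty when the row is fine)."""
    if len(row) < len(COLUMNS):
        return [f"row has {len(row)} cells, expected {len(COLUMNS)}"]
    problems = []
    if row["status"] not in STATUSES:
        problems.append(f"unknown status {row['status']!r}")
    if not row["id"].isdigit():
        problems.append(f"non-numeric ID {row['id']!r}")
    for col in ("published", "display_until"):
        try:
            d = parse_date(row[col])
        except ValueError as exc:
            problems.append(f"{col}: {exc}")
            continue
        if d.year < 1999:  # CVE IDs start in 1999, so earlier years are typos
            problems.append(f"{col}: year {d.year} is implausible")
    return problems


def check_table(text):
    """Map row names to their problems; table-wide problems go under '_table'."""
    rows = parse_table(text)
    report = {}
    for r in rows:
        problems = validate_row(r)
        if problems:
            report[r["name"]] = problems
    table_problems = []
    pubs = []
    for r in rows:
        try:
            pubs.append(parse_date(r.get("published", "")))
        except ValueError:
            pass
    if pubs != sorted(pubs, reverse=True):  # the table is kept newest-first
        table_problems.append("rows are not ordered newest-first by Published")
    ids = [r.get("id") for r in rows]
    if len(ids) != len(set(ids)):
        table_problems.append("duplicate ID values")
    seen = [c for r in rows for c in cves(r)]
    if len(seen) != len(set(seen)):
        table_problems.append("a CVE appears in more than one row")
    if table_problems:
        report["_table"] = table_problems
    return report


if __name__ == "__main__":
    for name, problems in check_table(SAMPLE_TABLE).items():
        print(name)
        for p in problems:
            print("  -", p)
```

Paste the rows you intend to post in place of the constructed sample and run the script; an empty report means the rows parse as six cells each, use a known status, carry a plausible DD/MM/YYYY date, and keep the newest-first order the table uses.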