What is the vulnerability ID for this update?

The vulnerability ID for this update is CVE-2018-3639.

What is the title of this update?

The title of this update is USN-3651-1: QEMU update.

Who discovered this vulnerability?

Ken Johnson and Jann Horn independently discovered this vulnerability.

What is the severity of this vulnerability?

The severity of this vulnerability is not mentioned in the information provided.

How can an attacker exploit this vulnerability?

An attacker in the guest could use this vulnerability to expose sensitive guest information, including kernel memory.

Vulnerability/
USN-3651-1

21/5/2018

USN-3651-1: QEMU update

First published: Mon May 21 2018(Updated: )

Ken Johnson and Jann Horn independently discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via sidechannel attacks. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This update allows QEMU to expose new CPU features added by microcode updates to guests on amd64 and i386.

Affected Software	Affected Version	How to fix
All of
ubuntu/qemu	<1:2.11+dfsg-1ubuntu7.2	1:2.11+dfsg-1ubuntu7.2
	=18.04
All of
ubuntu/qemu-system	<1:2.11+dfsg-1ubuntu7.2	1:2.11+dfsg-1ubuntu7.2
	=18.04
All of
ubuntu/qemu-system-x86	<1:2.11+dfsg-1ubuntu7.2	1:2.11+dfsg-1ubuntu7.2
	=18.04
All of
ubuntu/qemu	<1:2.10+dfsg-0ubuntu3.7	1:2.10+dfsg-0ubuntu3.7
	=17.10
All of
ubuntu/qemu-system	<1:2.10+dfsg-0ubuntu3.7	1:2.10+dfsg-0ubuntu3.7
	=17.10
All of
ubuntu/qemu-system-x86	<1:2.10+dfsg-0ubuntu3.7	1:2.10+dfsg-0ubuntu3.7
	=17.10
All of
ubuntu/qemu	<1:2.5+dfsg-5ubuntu10.29	1:2.5+dfsg-5ubuntu10.29
	=16.04
All of
ubuntu/qemu-system	<1:2.5+dfsg-5ubuntu10.29	1:2.5+dfsg-5ubuntu10.29
	=16.04
All of
ubuntu/qemu-system-x86	<1:2.5+dfsg-5ubuntu10.29	1:2.5+dfsg-5ubuntu10.29
	=16.04
All of
ubuntu/qemu	<2.0.0+dfsg-2ubuntu1.42	2.0.0+dfsg-2ubuntu1.42
	=14.04
All of
ubuntu/qemu-system	<2.0.0+dfsg-2ubuntu1.42	2.0.0+dfsg-2ubuntu1.42
	=14.04
All of
ubuntu/qemu-system-x86	<2.0.0+dfsg-2ubuntu1.42	2.0.0+dfsg-2ubuntu1.42
	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

CVE-2018-3639

Frequently Asked Questions

What is the vulnerability ID for this update?
The vulnerability ID for this update is CVE-2018-3639.
What is the title of this update?
The title of this update is USN-3651-1: QEMU update.
Who discovered this vulnerability?
Ken Johnson and Jann Horn independently discovered this vulnerability.
What is the severity of this vulnerability?
The severity of this vulnerability is not mentioned in the information provided.
How can an attacker exploit this vulnerability?
An attacker in the guest could use this vulnerability to expose sensitive guest information, including kernel memory.

agent/references
agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
collector/usn
source/Ubuntu
anchor-related/USN-3653-1
anchor-related/USN-3655-1
anchor-related/USN-3654-2
anchor-related/USN-3654-1
anchor-related/USN-3652-1
anchor-related/USN-3756-1
anchor-related/USN-3680-1
anchor-related/USN-3777-3
anchor-related/USN-3653-2
anchor-related/USN-3679-1
anchor-related/USN-3655-2
agent/software-canonical-lookup
agent/title
agent/tags
agent/description
agent/event
agent/trending
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/18.04
version/ubuntu ubuntu/17.10
version/ubuntu ubuntu/16.04
version/ubuntu ubuntu/14.04