- Vulnerability/
- USN-3690-1
USN-3690-1: AMD Microcode update
First published: Wed Jun 20 2018(Updated: )
Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides the microcode updates for AMD 17H family processors required for the corresponding Linux kernel updates.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/amd64-microcode | <3.20180524.1~ubuntu0.18.04.1 | 3.20180524.1~ubuntu0.18.04.1 |
| =18.04 | ||
| All of | ||
| ubuntu/amd64-microcode | <3.20180524.1~ubuntu0.17.10.1 | 3.20180524.1~ubuntu0.17.10.1 |
| =17.10 | ||
| All of | ||
| ubuntu/amd64-microcode | <3.20180524.1~ubuntu0.16.04.1 | 3.20180524.1~ubuntu0.16.04.1 |
| =16.04 | ||
| All of | ||
| ubuntu/amd64-microcode | <3.20180524.1~ubuntu0.14.04.1 | 3.20180524.1~ubuntu0.14.04.1 |
| =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2017-5715
- https://ubuntu.com/security/notices/USN-3530-1
- https://ubuntu.com/security/notices/USN-3594-1
- https://ubuntu.com/security/notices/USN-3580-1
- https://ubuntu.com/security/notices/USN-3620-2
- https://ubuntu.com/security/notices/USN-3541-2
- https://ubuntu.com/security/notices/USN-3531-3
- https://ubuntu.com/security/notices/USN-3560-1
- https://ubuntu.com/security/notices/USN-3531-1
- https://ubuntu.com/security/notices/USN-3540-1
- https://ubuntu.com/security/notices/USN-3540-2
- https://ubuntu.com/security/notices/USN-3561-1
- https://ubuntu.com/security/notices/USN-3549-1
- https://ubuntu.com/security/notices/USN-3777-3
- https://ubuntu.com/security/notices/USN-3581-1
- https://ubuntu.com/security/notices/USN-3582-2
- https://ubuntu.com/security/notices/USN-3597-2
- https://ubuntu.com/security/notices/USN-3516-1
- https://ubuntu.com/security/notices/USN-3541-1
- https://ubuntu.com/security/notices/USN-3597-1
- https://ubuntu.com/security/notices/USN-3582-1
- https://ubuntu.com/security/notices/USN-3542-1
- https://ubuntu.com/security/notices/USN-3542-2
- https://ubuntu.com/security/notices/USN-3581-2
- https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.18.04.1
- https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.17.10.1
- https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.16.04.1
- https://launchpad.net/ubuntu/+source/amd64-microcode/3.20180524.1~ubuntu0.14.04.1
- https://ubuntu.com/security/notices/USN-3690-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this update?
The vulnerability ID for this update is CVE-2017-5715.
What is the severity of CVE-2017-5715?
The severity of CVE-2017-5715 is high.
How does CVE-2017-5715 affect AMD Microcode?
CVE-2017-5715 allows unauthorized memory reads via side-channel attacks on microprocessors utilizing speculative execution and branch prediction, potentially exposing sensitive information, including kernel memory.
Which versions of Ubuntu are affected by CVE-2017-5715?
Ubuntu versions 18.04, 17.10, 16.04, and 14.04 are affected by CVE-2017-5715.
How can I fix the CVE-2017-5715 vulnerability?
You can fix the CVE-2017-5715 vulnerability by updating the amd64-microcode package to version 3.20180524.1~ubuntu0.18.04.1 for Ubuntu 18.04, version 3.20180524.1~ubuntu0.17.10.1 for Ubuntu 17.10, version 3.20180524.1~ubuntu0.16.04.1 for Ubuntu 16.04, or version 3.20180524.1~ubuntu0.14.04.1 for Ubuntu 14.04.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- anchor-related/USN-3530-1
- anchor-related/USN-3594-1
- anchor-related/USN-3580-1
- anchor-related/USN-3620-2
- anchor-related/USN-3541-2
- anchor-related/USN-3531-3
- anchor-related/USN-3560-1
- anchor-related/USN-3531-1
- anchor-related/USN-3540-1
- anchor-related/USN-3540-2
- anchor-related/USN-3561-1
- anchor-related/USN-3549-1
- anchor-related/USN-3777-3
- anchor-related/USN-3581-1
- anchor-related/USN-3582-2
- anchor-related/USN-3597-2
- anchor-related/USN-3516-1
- anchor-related/USN-3541-1
- anchor-related/USN-3597-1
- anchor-related/USN-3582-1
- anchor-related/USN-3542-1
- anchor-related/USN-3542-2
- anchor-related/USN-3581-2
- agent/software-canonical-lookup
- agent/title
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/17.10
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04