14 DAY TRIAL // Canonical has released today new updates for all of its supported Ubuntu Linux operating system series to mitigate the recently disclosed Microarchitectural Data Sampling (MDS) security vulnerabilities in Intel CPUs.
Four new security vulnerabilities affecting Intel microprocessor have been publicly disclosed earlier, and Intel already released updated microcode firmware to mitigate them, but in the case of Linux-based operating system these flaws cannot be addressed only by updating the CPU firmware, but also by installing new Linux kernel versions and QEMU patches.
The vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) affect various Intel processors and could allow a local attacker to expose sensitive information. They have an impact on all supported Ubuntu Linux releases, including Ubuntu 19.04 (Disco Dingo), Ubuntu 18.10 (Cosmic Cuttlefish), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 ESM (Trusty Tahr).
"As these vulnerabilities affect such a large range of Intel processors (across laptop, desktop and server machines), a large percentage of Ubuntu users are expected to be impacted – users are encouraged to install these updated packages as soon as they become available," said Alex Murray, Ubuntu Security Tech Lead at Canonical.
Canonical recommends users to also disable Hyper-Threading
Canonical recommends all users of any of the supported Ubuntu Linux operating systems to install the new Linux kernel, Intel microcode firmware, and QEMU versions that the company released today through its official channels, and also encourages them to disable the Symmetric Multi-Threading (SMT) functionality (a.k.a. Hyper-Threading) as it complicates these new flaws.
Canonical also released today a new kernel live patch for Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 14.04 ESM systems to address the new Microarchitectural Data Sampling (MDS) security vulnerabilities in Intel CPUs. However, due to the high complexity of these security flaws, users are urged to reboot their systems into an updated Linux kernel as soon as possible.
The new intel-microcode version you need to update to is 3.20190514.0 for all Ubuntu releases. The new kernel versions are linux-image 5.0.0.15.16 for Ubuntu 19.04, linux-image 4.18.0.20.21 for Ubuntu 18.10, linux-image 4.15.0-50.54 for Ubuntu 18.04 LTS, as well as linux-image 4.4.0-148.174 for Ubuntu 16.04 LTS and 14.04 ESM.