All users are urged to update their systems immediately

May 23, 2018 11:03 GMT

Canonical released the first kernel security update for its Ubuntu 18.04 LTS (Bionic Beaver) operating system to fix a security issue that affects this release of Ubuntu and its derivatives.

As you can imagine, the kernel security update patches the Ubuntu 18.04 LTS (Bionic Beaver) operating system against the recently disclosed Speculative Store Buffer Bypass (SSBB) side-channel vulnerability, also known as Spectre Variant 4 or CVE-2018-3639, which could let a local attacker expose sensitive information in vulnerable systems.

"Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a side-channel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory," reads the security advisory.

Canonical also notes that, to fully mitigate Spectre Variant 4, users must also update the processor microcode firmware. The company has been working with Intel to offer future microcode updates that fully address Spectre Variant 4, but AMD users will need to contact their vendor for firmware updates.

The kernel mitigations for Spectre Variant 4 require the SSBD (Speculative Store Bypass Disable) feature on i386 (32-bit) and amd64 (64-bit) machines, which BIOS vendors will implement with future updates. Therefore, users must also ensure they're using the latest BIOS version on their computers.

Canonical urges users to update their computers as soon as possible

Canonical is urging all Ubuntu 18.04 LTS (Bionic Beaver) users to update their systems as soon as possible and install the new kernel version, which is available for 32-bit and 64-bit architectures, Amazon Web Services (AWS), Microsoft Azure Cloud, and Google Cloud Platform (GCP) systems, OEM processors, and cloud environments.

Ubuntu users in cloud environments would have to contact their respective cloud provider for an updated hypervisor that exposes the new CPU features to virtual machines. In addition, Canonical said that it provided corresponding QEMU updates to mitigate Spectre Variant 4 for Ubuntu users of self-hosted virtual environments.

The new kernel versions users should update to are linux-image-4.15.0-22.24 for 32-bit and 64-bit architectures, linux-image-4.15.0-1009.9 for AWS, linux-image-4.15.0-1012.12 for Azure, linux-image-4.15.0-1008.8 for GCP, linux-image-4.15.0-1010.10 for KVM, and linux-image-4.15.0-1006.9 for OEM. To update your systems, follow the instructions at https://wiki.ubuntu.com/Security/Upgrades.
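
To verify a host after updating, the following added example (not from the article or from Canonical) compares the running kernel with the fixed versions listed above and checks whether the CPU exposes the SSBD feature. It assumes the kernel flavour is the last dash-separated part of the version string in /proc/version_signature and that the 32-bit/64-bit kernel uses the flavour name `generic`.

```shell
#!/bin/sh
# Added example: check an Ubuntu 18.04 host against the article's fixed kernels.

# Fixed package version per kernel flavour (flavour names are assumptions).
fixed_version() {
    case "$1" in
        generic) echo "4.15.0-22.24" ;;    # 32-bit and 64-bit architectures
        aws)     echo "4.15.0-1009.9" ;;
        azure)   echo "4.15.0-1012.12" ;;
        gcp)     echo "4.15.0-1008.8" ;;
        kvm)     echo "4.15.0-1010.10" ;;
        oem)     echo "4.15.0-1006.9" ;;
        *)       return 1 ;;
    esac
}

# version_ge A B: succeed when A >= B, comparing numeric fields left to right.
version_ge() {
    a=$(echo "$1" | tr '.-' '  ')
    b=$(echo "$2" | tr '.-' '  ')
    set -- $a
    for want in $b; do
        have=${1:-0}
        [ "$have" -gt "$want" ] && return 0
        [ "$have" -lt "$want" ] && return 1
        [ $# -gt 0 ] && shift
    done
    return 0
}

# check_signature SIG: SIG is the content of /proc/version_signature, e.g.
# "Ubuntu 4.15.0-20.21-generic 4.15.17". Prints patched, vulnerable or unknown.
check_signature() {
    set -- $1
    version=${2%-*}      # e.g. 4.15.0-20.21
    flavour=${2##*-}     # e.g. generic
    fixed=$(fixed_version "$flavour") || { echo unknown; return 0; }
    if version_ge "$version" "$fixed"; then echo patched; else echo vulnerable; fi
}

# has_ssbd FILE: succeed when a cpuinfo-style file lists the ssbd CPU flag.
has_ssbd() { grep -E '^flags' "$1" | grep -qw ssbd; }

# Live report, only on hosts that have the Ubuntu-specific signature file.
if [ -r /proc/version_signature ]; then
    echo "kernel: $(check_signature "$(cat /proc/version_signature)")"
    if has_ssbd /proc/cpuinfo; then echo "ssbd: present"; else echo "ssbd: missing"; fi
    cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass 2>/dev/null || true
fi
```

A result of `patched` with `ssbd: missing` matches the situation the article describes: the kernel update is installed, but the microcode, BIOS or hypervisor update that exposes SSBD has not yet arrived.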