Name | CVE-2020-8832 |
Description | The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
linux (PTS) | jessie, jessie (lts) | 3.16.84-1 | fixed |
| stretch (security) | 4.9.320-2 | fixed |
| stretch (lts), stretch | 4.9.320-3 | fixed |
| buster (security), buster, buster (lts) | 4.19.316-1 | fixed |
| bullseye | 5.10.223-1 | fixed |
| bullseye (security) | 5.10.226-1 | fixed |
| bookworm | 6.1.115-1 | fixed |
| bookworm (security) | 6.1.119-1 | fixed |
| trixie | 6.12.5-1 | fixed |
| sid | 6.12.6-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|
linux | source | jessie | (not affected) | | | |
linux | source | stretch | (not affected) | | | |
linux | source | (unstable) | 4.16.5-1 | | | |
Notes
[stretch] - linux <not-affected> (Vulnerable code not present, incomplete fix not applied)
[jessie] - linux <not-affected> (No support for this hardware)
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840
The CVE is for an incomplete fix for CVE-2019-14615 which technically only
affects upstream versions (and downstreams) which applied the fix fo
CVE-2019-14615 which is bc8a76a152c5 ("drm/i915/gen9: Clear residual context
state on context switch"). But there is need to apply as well the prerequistite
d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load").