USN-3521-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-3521-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3521-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-3521-1
Related
Published
2018-01-09T14:52:33.639412Z
Modified
2018-01-09T14:52:33.639412Z
Summary
nvidia-graphics-drivers-384 vulnerability
Details

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.

This update provides mitigations to address the issue, along with compatibility fixes for the corresponding Linux kernel updates.

References

Affected packages

Ubuntu:14.04:LTS / nvidia-graphics-drivers-384

Package

Name
nvidia-graphics-drivers-384
Purl
pkg:deb/ubuntu/nvidia-graphics-drivers-384@384.111-0ubuntu0.14.04.1?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
384.111-0ubuntu0.14.04.1

Affected versions

384.*

384.90-0ubuntu0.14.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libcuda1-384": "384.111-0ubuntu0.14.04.1",
            "nvidia-384": "384.111-0ubuntu0.14.04.1",
            "nvidia-opencl-icd-384": "384.111-0ubuntu0.14.04.1",
            "nvidia-opencl-icd-375": "384.111-0ubuntu0.14.04.1",
            "nvidia-375": "384.111-0ubuntu0.14.04.1",
            "libcuda1-375": "384.111-0ubuntu0.14.04.1",
            "nvidia-384-dev": "384.111-0ubuntu0.14.04.1",
            "nvidia-375-dev": "384.111-0ubuntu0.14.04.1",
            "nvidia-libopencl1-384": "384.111-0ubuntu0.14.04.1",
            "nvidia-libopencl1-375": "384.111-0ubuntu0.14.04.1"
        }
    ]
}

Ubuntu:16.04:LTS / nvidia-graphics-drivers-384

Package

Name
nvidia-graphics-drivers-384
Purl
pkg:deb/ubuntu/nvidia-graphics-drivers-384@384.111-0ubuntu0.16.04.1?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
384.111-0ubuntu0.16.04.1

Affected versions

384.*

384.90-0ubuntu0.16.04.1
384.90-0ubuntu0.16.04.2

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libcuda1-384": "384.111-0ubuntu0.16.04.1",
            "nvidia-384": "384.111-0ubuntu0.16.04.1",
            "nvidia-opencl-icd-384": "384.111-0ubuntu0.16.04.1",
            "nvidia-opencl-icd-375": "384.111-0ubuntu0.16.04.1",
            "nvidia-375": "384.111-0ubuntu0.16.04.1",
            "libcuda1-375": "384.111-0ubuntu0.16.04.1",
            "nvidia-384-dev": "384.111-0ubuntu0.16.04.1",
            "nvidia-375-dev": "384.111-0ubuntu0.16.04.1",
            "nvidia-libopencl1-384": "384.111-0ubuntu0.16.04.1",
            "nvidia-libopencl1-375": "384.111-0ubuntu0.16.04.1"
        }
    ]
}