{"id":"USN-3549-1","summary":"linux-kvm vulnerabilities","details":"Jann Horn discovered that microprocessors utilizing speculative\nexecution and branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Spectre. A\nlocal attacker could use this to expose sensitive information,\nincluding kernel memory. (CVE-2017-5715, CVE-2017-5753)\n","modified":"2026-02-10T04:41:16Z","published":"2018-01-29T18:35:38Z","related":["UBUNTU-CVE-2017-5715","UBUNTU-CVE-2017-5753"],"upstream":["CVE-2017-5715","CVE-2017-5753","UBUNTU-CVE-2017-5715","UBUNTU-CVE-2017-5753"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3549-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5715"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-5753"}],"affected":[{"package":{"name":"linux-kvm","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/linux-kvm@4.4.0-1017.22?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.4.0-1017.22"}]}],"versions":["4.4.0-1004.9","4.4.0-1007.12","4.4.0-1008.13","4.4.0-1009.14","4.4.0-1010.15","4.4.0-1012.17","4.4.0-1013.18","4.4.0-1015.20"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"linux-cloud-tools-4.4.0-1017-kvm","binary_version":"4.4.0-1017.22"},{"binary_name":"linux-headers-4.4.0-1017-kvm","binary_version":"4.4.0-1017.22"},{"binary_name":"linux-image-4.4.0-1017-kvm","binary_version":"4.4.0-1017.22"},{"binary_name":"linux-kvm-cloud-tools-4.4.0-1017","binary_version":"4.4.0-1017.22"},{"binary_name":"linux-kvm-headers-4.4.0-1017","binary_version":"4.4.0-1017.22"},{"binary_name":"linux-kvm-tools-4.4.0-1017","binary_version":"4.4.0-1017.22"},{"binary_name":"linux-tools-4.4.0-1017-kvm","binary_version":"4.4.0-1017.22"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3549-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2017-5715"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"high"}],"id":"CVE-2017-5753"}]}}}],"schema_version":"1.7.3"}