CVE-2024-2201

2024-04-0900:00:00

ubuntu.com

x86

branch history

injection

vulnerability

unix

AI Score

6.5

Confidence

Low

JSON

[x86: Native Branch History Injection]

Notes

Author	Note
sbeattie	in the short term, Ubuntu 6.6 based kernels (Ubuntu 23.10 LTS and Ubuntu 22.04 HWE kernels) have backported the first round of native_bhi mitigations, but are defaulting to spectre_bhi=auto. The kernel commandline parameter can be changed to spectre_bhi=on if desired; see the kernel parameters documentation linked to in the references section. This default will change to match the upstream kernel’s default to “on” in a subsequent update.
rodrigo-zaiden	USN-6765-1 for linux-oem-6.5 wrongly stated that this CVE was fixed in version 6.5.0-1022.23. The mentioned notice was revoked and the state of the fix for linux-oem-6.5 was recovered to the previous state.
apw	patches #1 and #7 are not expected before jammy they were not required for mitigation; make them both conditional on v5.15 being present.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< 5.15.0-106.116UNKNOWN
ubuntu23.10noarchlinux< 6.5.0-35.35UNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1061.67UNKNOWN
ubuntu23.10noarchlinux-aws< 6.5.0-1020.20UNKNOWN
ubuntu14.04noarchlinux-aws< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-106.116	UNKNOWN
ubuntu	23.10	noarch	linux	< 6.5.0-35.35	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1061.67	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< 6.5.0-1020.20	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< any	UNKNOWN

Rows per page:

1-10 of 831

References

download.vusec.net/papers/inspectre_sec24.pdf

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2bb69f5fc72183e1c62547d900f560d0e9334925

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/admin-guide/kernel-parameters.txt?id=2bb69f5fc72183e1c62547d900f560d0e9334925#n6066

launchpad.net/bugs/cve/CVE-2024-2201

lists.xenproject.org/archives/html/xen-announce/2024-04/msg00004.html

nvd.nist.gov/vuln/detail/CVE-2024-2201

security-tracker.debian.org/tracker/CVE-2024-2201

ubuntu.com/security/notices/USN-6766-1

ubuntu.com/security/notices/USN-6766-2

ubuntu.com/security/notices/USN-6766-3

ubuntu.com/security/notices/USN-6774-1

ubuntu.com/security/notices/USN-6795-1

ubuntu.com/security/notices/USN-6828-1

ubuntu.com/security/notices/USN-6865-1

ubuntu.com/security/notices/USN-6866-1