Language Selection

English French German Italian Portuguese Spanish

Ubuntu Is Now Patched Against Latest Intel Processor Graphics Vulnerabilities

Filed under
Security
Ubuntu

Canonical has released today new Linux kernel patches to address the latest security vulnerabilities affecting Intel Graphics Processing Units (GPUs) in all of its supported Ubuntu releases.

Two weeks ago, on January 14th, Intel revealed two new vulnerabilities affecting systems with Intel Graphics Processing Units (GPUs), known as CVE-2020-7053 and CVE-2019-14615. These vulnerabilities were present in the Intel graphics driver (i915) for GNU/Linux systems, and thus having an impact on almost all Linux-based operating systems.

CVE-2019-14615 did not let the Linux kernel to properly clear data structures on context switches for some Intel GPUs, which could allow a local attacker to expose sensitive information. On the other hand, CVE-2020-7053 is a race condition that could lead to a use-after-free, destroying GEM contexts in the i915 graphics driver. This could allow a local attacker to crash the system or execute arbitrary code.

Read more

Canonical Releases Ubuntu 16.04 LTS Kernel Security Update

  • Canonical Releases Ubuntu 16.04 LTS Kernel Security Update to Address 9 Flaws

    Canonical has released today a new Linux kernel security update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system to address several vulnerabilities.

    In addition to mitigating the CVE-2019-14615 vulnerability affecting certain Intel graphics processors, the new Linux kernel security update addresses a race condition (CVE-2019-18683) in the Virtual Video Test Driver (VIVID), which could allow an attacker with access to /dev/video0 to gain administrative privileges.

    Also patched are multiple memory leaks (CVE-2019-19057) in the Marvell WiFi-Ex driver and a NULL pointer dereference (CVE-2019-18885) in the Btrfs file system.

Have an Intel processor? Enjoy two more vulnerabilities

  • Have an Intel processor? Enjoy two more vulnerabilities

    Intel are not having a good time lately are they? More vulnerabilities in their CPUs have been made public.

    How many is that Intel have had recently that affect them? Quite a lot. This time, it appears AMD are not affected at least. Still, this is a lot of major security problems to go through with Spectre and Meltdown, Foreshadow and ZombieLoad. Currently, Intel are saying that they're "not aware of any use of these issues outside of a controlled lab environment" so you don't need to go and panic just yet. Just keep an eye on updates for your distribution and motherboard BIOS updates.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

GNU Parallel 20200222 ('BrexitDay') released [stable]

GNU Parallel 20200222 ('BrexitDay') [stable] has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/ No new functionality was introduced so this is a good candidate for a stable release. GNU Parallel is 10 years old next year on 2020-04-22. You are here by invited to a reception on Friday 2020-04-17. Read more

GNU/Linux in Crostini Form

  • Using 'LXPanel' as a UI for Crostini

    If you are used to a menu-driven user interface in Linux or find the Chrome OS application launcher not quite to your liking for accessing Crostini Linux applications then one option you could try is LXPanel. The panel generates a menu for installed applications automatically from '*.desktop' files and can itself be incorporated in its own '.desktop' file which if pinned to the Chrome OS shelf can also be used as a means to start the 'penguin' container after booting. Unfortunately it is not quite perfect as the panel is displayed in the middle of the screen and doesn't respond well to changing its position under geometry in its panel settings. However you can toggle its visibility by clicking the panel's icon on the shelf. Also closing the panel (by right clicking the icon) only closes the 'LXPanel' application in Chrome OS so to terminate it fully you need to use 'killall lxpanel' in a terminal session.

  • Linux apps on Chromebooks may be reason enough for external GPU support

    We’ve been tracking a device known only as ‘Mushu’ for about a month at this point, and it brings with it a very specific and interesting addition to the Chrome OS ecosystem: a discrete GPU (or dGPU for short). When we first reported on this device being in development, I suggested that I don’t see a ton of use cases for a Chromebook with a dGPU for most users. Without a proper video editor or tons of ways to play locally-stored games, its hard to make a case for dGPUs when existing Chromebooks are already so fast at what they do.

NVIDIA's Ray Tracing Approach in Vulkan

  • NVIDIA talk up bringing DirectX Ray Tracing to Vulkan

    With Ray Tracing becoming ever more popular, NVIDIA have written up a technical post on bringing DirectX Ray Tracing to Vulkan to encourage more developers to do it. The blog post, titled "Bringing HLSL Ray Tracing to Vulkan" mentions that porting content requires both the API calls (so DirectX to Vulkan) and the Shaders (HLSL to SPIR-V). Something that's not so difficult now, with the SPIR-V backend to Microsoft's open source DirectXCompiler (DXC). Since last year, NVIDIA added ray tracing support to DXC's SPIR-V back-end too using their SPV_NV_ray_tracing extension and there's already titles shipping with it like Quake II RTX and Wolfenstein: Youngblood. While this is all NVIDIA-only for now, The Khronos Group is having discussions to get a cross-vendor version of the Vulkan ray tracing extension implemented and NVIDIA expect the work already done can be used with it which does sound good.

  • NVIDIA Demonstrates Porting Of DirectX Ray-Tracing To Vulkan

    NVIDIA has written a new technical blog post on bringing HLSL ray-tracing to Vulkan with the same capabilities of DirextX Ray-Tracing. This effort is made feasible by Microsoft's existing open-source DirectXCompiler (DXC) with SPIR-V back-end for consumption by Vulkan drivers. Last year NVIDIA contributed to the open-source DXC support for SPV_NV_ray_tracing. This in turn with the open-source tooling allows converting DXR HLSL shaders into SPIR-V modules for Vulkan.

Vulkan Survey and AMDVLK, AMD Targets GNU/Linux

  • LunarG's Vulkan developer survey results out now - Vulkan also turns 4

    LunarG, the software company that Valve sponsors who work on building out the ecosystem for the Vulkan API recently conducted a Vulkan developer survey with the results out now. Before going over the results, just a reminder that Vulkan just recently turned four years old! The 1.0 specification went public on February 16, 2016. Since then, we've seen some pretty amazing things thanks to it. We've had Linux ports that perform really nicely, the mighty DXVK translation layer advanced dramatically, to the vkBasalt post-processing layer and so on—there's been a lot going on. However, as a graphics API do remember it's pretty young and has a long life ahead of it. As for the LunarG survey: there were 349 replies to it, and while not a huge amount it gives us an interesting insight into what some developers think and feel about how Vulkan is doing as a whole. Overall, it gives quite a positive picture on the health of Vulkan with over 60% feeling the overall quality of the Vulkan ecosystem as "Good" and almost 20% rating it as "Excellent".

  • AMDVLK 2020.Q1.2 Released With Vulkan 1.2 Support

    AMDVLK 2020.Q1.2 is out as the first official AMD open-source Vulkan Linux driver code drop in one month. AMDVLK has been off its wagon this quarter with their previous weekly/bi-weekly code drops of AMDVLK but that just means the v2020.Q1.2 is quite a big one. First up, AMDVLK 2020.Q1.2 now is supporting Vulkan 1.2 that debuted back in January and with Mesa's RADV Radeon Vulkan driver already having supported it for weeks.

  • Radeon Pro Software for Enterprise 20.Q1.1 for Linux Released

    AMD's Radeon Pro Software for Enterprise 20.Q1.1 Linux driver release was made available this week as their newest quarterly driver installment intended for use with Radeon Pro graphics hardware.