Canonical Releases Important Ubuntu Kernel Live Patch to Fix L1TF, SpectreRSB

The two L1FT vulnerabilities fixed in this new kernel livepatch are CVE-2018-3620 and CVE-2018-3646, but it also addresses a flaw that reduced the effectiveness of Spectre Variant 2 mitigations for paravirtual guests (CVE-2018-15594), a use-after-free vulnerability in the IRDA implementation (CVE-2018-6555), and a critical stack-based buffer overflow in the iSCSI target implementation (CVE-2018-14633). Furthermore, the new kernel livepatch fixes the recently discovered CPU side-channel attack named SpectreRSB (CVE-2018-15572), which affects microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB), allowing attackers to expose sensitive information, as well as a use-after-free vulnerability in the vmacache subsystem (CVE-2018-17182).