This bug was fixed in the package linux-kvm - 4.15.0-1010.10

---------------
linux-kvm (4.15.0-1010.10) bionic; urgency=medium

  [ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
    - x86/nospec: Simplify alternative_msr_write()
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
    upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

linux-kvm (4.15.0-1009.9) bionic; urgency=medium

  * linux-kvm: 4.15.0-1009.9 -proposed tracker (LP: #1767409)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools

  * Unable to start docker application with B-KVM kernel (LP: #1763630)
    - kvm: [config] enable NF_NAT, NF_CONNTRACK
    - kvm: [config] enable IP_NF_TABLES

  * test_078_SLAB_freelist_randomization failed on 4.15 KVM kernel
    (LP: #1764975)
    - kvm: [config] enable CONFIG_SLAB_FREELIST_{HARDENED,RANDOM}

  * linux-kvm 4.15 needs CONFIG_VMAP_STACK set (LP: #1764985)
    - kvm: [config] enable CONFIG_VMAP_STACK

  * test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
    kvm kernel (LP: #1766832)
    - kvm: [config] enable CONFIG_MODULE_UNLOAD

  [ Ubuntu: 4.15.0-21.22 ]

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
    16.04 to 18.04  (LP: #1766727)
    - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
    (LP: #1766629)
    - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

 -- Stefan Bader <email address hidden>  Thu, 17 May 2018 10:30:53 +0200