This bug was fixed in the package linux-raspi2 - 4.13.0-1022.23 --------------- linux-raspi2 (4.13.0-1022.23) artful; urgency=medium * linux-raspi2: 4.13.0-1022.23 -proposed tracker (LP: #1774125) [ Ubuntu: 4.13.0-45.50 ] * linux: 4.13.0-45.50 -proposed tracker (LP: #1774124) * CVE-2018-3639 (x86) - SAUCE: Set generic SSBD feature for Intel cpus [ Ubuntu: 4.13.0-44.49 ] * linux: 4.13.0-44.49 -proposed tracker (LP: #1772951) * CVE-2018-3639 (x86) - x86/cpu: Make alternative_msr_write work for 32-bit code - x86/cpu/AMD: Fix erratum 1076 (CPB bit) - x86/bugs: Fix the parameters alignment and missing void - KVM: SVM: Move spec control call after restore of GS - x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP - x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS - x86/cpufeatures: Disentangle SSBD enumeration - x86/cpufeatures: Add FEATURE_ZEN - x86/speculation: Handle HT correctly on AMD - x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL - x86/speculation: Add virtualized speculative store bypass disable support - x86/speculation: Rework speculative_store_bypass_update() - x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} - x86/bugs: Expose x86_spec_ctrl_base directly - x86/bugs: Remove x86_spec_ctrl_set() - x86/bugs: Rework spec_ctrl base and mask logic - x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG - KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD - x86/bugs: Rename SSBD_NO to SSB_NO - KVM: VMX: Expose SSBD properly to guests. * [Ubuntu 16.04] kernel: fix rwlock implementation (LP: #1761674) - SAUCE: (no-up) s390: fix rwlock implementation * CVE-2018-7492 - rds: Fix NULL pointer dereference in __rds_rdma_map * CVE-2018-8781 - drm: udl: Properly check framebuffer mmap offsets * fsnotify: Fix fsnotify_mark_connector race (LP: #1765564) - fsnotify: Fix fsnotify_mark_connector race * Kernel panic on boot (m1.small in cn-north-1) (LP: #1771679) - x86/xen: Reset VCPU0 info pointer after shared_info remap * Suspend to idle: Open lid didn't resume (LP: #1771542) - ACPI / PM: Do not reconfigure GPEs for suspend-to-idle * CVE-2018-1092 - ext4: fail ext4_iget for root directory if unallocated * [SRU][Artful] using vfio-pci on a combination of cn8xxx and some PCI devices results in a kernel panic. (LP: #1770254) - PCI: Avoid bus reset if bridge itself is broken - PCI: Mark Cavium CN8xxx to avoid bus reset - PCI: Avoid slot reset if bridge itself is broken * Battery drains when laptop is off (shutdown) (LP: #1745646) - PCI / PM: Check device_may_wakeup() in pci_enable_wake() * perf record crash: refcount_inc assertion failed (LP: #1769027) - perf cgroup: Fix refcount usage - perf xyarray: Fix wrong processing when closing evsel fd * Dell Latitude 5490/5590 BIOS update 1.1.9 causes black screen at boot (LP: #1764194) - drm/i915/bios: filter out invalid DDC pins from VBT child devices * Fix an issue that some PCI devices get incorrectly suspended (LP: #1764684) - PCI / PM: Always check PME wakeup capability for runtime wakeup support * [SRU][Bionic/Artful] fix false positives in W+X checking (LP: #1769696) - init: fix false positives in W+X checking * CVE-2018-1068 - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets * CVE-2018-8087 - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() * Integrated Webcam Realtek Integrated_Webcam_HD (0bda:58f4) not working in DELL XPS 13 9370 with firmware 1.50 (LP: #1763748) - SAUCE: media: uvcvideo: Support realtek's UVC 1.5 device * unregister_netdevice: waiting for eth0 to become free. Usage count = 5 (LP: #1746474) - ipv4: convert dst_metrics.refcnt from atomic_t to refcount_t - xfrm: reuse uncached_list to track xdsts * Acer Swift sf314-52 power button not managed (LP: #1766054) - SAUCE: platform/x86: acer-wmi: add another KEY_POWER keycode * set PINCFG_HEADSET_MIC to parse_flags for Dell precision 3630 (LP: #1766398) - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags * Change the location for one of two front mics on a lenovo thinkcentre machine (LP: #1766477) - ALSA: hda/realtek - adjust the location of one mic [ Ubuntu: 4.13.0-43.48 ] * CVE-2018-3639 (powerpc) - SAUCE: rfi-flush: update H_CPU_* macro names to upstream - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to upstream - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream - powerpc/pseries: Support firmware disable of RFI flush - powerpc/powernv: Support firmware disable of RFI flush - powerpc/64s: Allow control of RFI flush via debugfs - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code - powerpc/rfi-flush: Always enable fallback flush on pseries - powerpc/rfi-flush: Differentiate enabled and patched flush types - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags - powerpc: Add security feature flags for Spectre/Meltdown - powerpc/powernv: Set or clear security feature flags - powerpc/pseries: Set or clear security feature flags - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - powerpc/pseries: Fix clearing of security feature flags - powerpc: Move default security feature flags - powerpc/pseries: Restore default security feature flags on setup - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit * CVE-2018-3639 (x86) - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES - SAUCE: x86: Add alternative_msr_write - x86/nospec: Simplify alternative_msr_write() - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - x86/bugs: Concentrate bug detection into a separate function - x86/bugs: Concentrate bug reporting into a separate function - x86/msr: Add definitions for new speculation control MSRs - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - x86/bugs, KVM: Support the combination of guest and host IBRS - x86/bugs: Expose /sys/../spec_store_bypass - x86/cpufeatures: Add X86_FEATURE_RDS - x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - x86/bugs/intel: Set proper CPU features and setup RDS - x86/bugs: Whitelist allowed SPEC_CTRL MSR values - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - x86/speculation: Create spec-ctrl.h to avoid include hell - prctl: Add speculation control prctls - x86/process: Allow runtime control of Speculative Store Bypass - x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - SAUCE: x86/bugs: Honour SPEC_CTRL default - x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - x86/bugs: Rename _RDS to _SSBD - proc: Use underscores for SSBD in 'status' - Documentation/spec_ctrl: Do some minor cleanups - x86/bugs: Fix __ssb_select_mitigation() return type - x86/bugs: Make cpu_show_common() static * LSM Stacking prctl values should be redefined as to not collide with upstream prctls (LP: #1769263) // CVE-2018-3639 - SAUCE: LSM stacking: adjust prctl values -- Kleber Sacilotto de Souza