Comment 4 for bug 1830487

OpenStack Infra (hudson-openstack) wrote : Fix merged to integ (master)

Reviewed: https://review.opendev.org/663083
Committed: https://git.openstack.org/cgit/starlingx/integ/commit/?id=30788066d6bccd86bb3fb31a0a69f6c868b56682
Submitter: Zuul
Branch: master

commit 30788066d6bccd86bb3fb31a0a69f6c868b56682
Author: zhiguo.zhang <email address hidden>
Date: Wed Jun 5 00:07:09 2019 +0800

    Upgrade std kernel patch to CentOS7.6 3.10.0-957.12.2

    A new set of CVEs was reported against Intel CPUs: CVE-2018-12126,
    CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.
    For these CVEs there are RH and CentOS updates available.

    CVE-2018-12126:
    Microarchitectural Store Buffer Data Sampling (MSBDS):
    Store buffers on some microprocessors utilizing speculative
    execution may allow an authenticated user to potentially
    enable information disclosure via a side channel with local access.
    A list of impacted products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2018-12127:
    Microarchitectural Load Port Data Sampling (MLPDS):
    Load ports on some microprocessors utilizing speculative execution
    may allow an authenticated user to potentially enable information
    disclosure via a side channel with local access. A list of impacted
    products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2018-12130:
    Microarchitectural Fill Buffer Data Sampling (MFBDS):
    Fill buffers on some microprocessors utilizing speculative execution
    may allow an authenticated user to potentially enable information
    disclosure via a side channel with local access. A list of impacted
    products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    CVE-2019-11091:
    Microarchitectural Data Sampling Uncacheable Memory (MDSUM):
    Uncacheable memory on some microprocessors utilizing speculative
    execution may allow an authenticated user to potentially enable
    information disclosure via a side channel with local access.
    A list of impacted products can be found here:
    https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

    These are from the http://cve.mitre.org website.
    These are the MDS security CVEs.

    The patch is modified as follows:
    1. Delete lines 929-931 of the arch/x86/kernel/cpu/cacheinfo.c file,
       because starlingx's Porting-Cacheinfo-from-Kernel-4.10.17.patch
       removes the ici_cpuid4_info structure.

    2. The build-logic-and-sources-for-TiC.patch version number
       has been modified.

    3. Apart from the modifications to the files in 1 and 2,
       the other patches only modify line numbers.

    Closes-Bug: 1830487
    Depends-On: https://review.opendev.org/663071
    Change-Id: I4cad783311ed4a6c60b4f69bdad75d773d0cd23d
    Signed-off-by: zhiguo.zhang <email address hidden>
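
To confirm on a node that this kernel update took effect, the following check compares the running release against 3.10.0-957.12.2 and interprets the kernel's MDS status line. It is an added example, not part of the commit or of StarlingX; the sysfs path and status strings are assumptions taken from the Linux kernel's MDS documentation, and the function names are illustrative.

```python
import platform
import re
from pathlib import Path

FIXED = (3, 10, 0, 957, 12, 2)  # kernel release named in the commit message
# Assumption: standard kernel sysfs location for MDS status (not from the page)
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

def release_tuple(release):
    """Leading numeric fields of e.g. '3.10.0-957.12.2.el7.x86_64'."""
    m = re.match(r"\d+(?:[.-]\d+)*", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return tuple(int(p) for p in re.split(r"[.-]", m.group(0)))

def has_fixed_kernel(release):
    """True/False within the CentOS 7 3.10.0 series, None for other series
    (a plain version comparison says nothing about a different kernel line)."""
    t = release_tuple(release)
    if t[:3] != FIXED[:3]:
        return None
    return t >= FIXED

def classify_mds(status):
    """Map the sysfs status line (or None if the file is absent) to a verdict."""
    if status is None:
        return "unreported"  # kernel predates the MDS patches
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        # Buffer clearing is active, but sibling hyperthreads can still leak
        return "mitigated_smt_exposed" if "SMT vulnerable" in s else "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"  # includes 'attempted, no microcode'
    return "unknown"

def check_host(release, status):
    return {"kernel_fixed": has_fixed_kernel(release),
            "mds": classify_mds(status)}

if __name__ == "__main__":
    text = MDS_SYSFS.read_text() if MDS_SYSFS.exists() else None
    print(check_host(platform.release(), text))
```

A result of `vulnerable` on a fixed kernel usually means the matching CPU microcode is missing, which the Intel guidance linked in the commit message covers.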