[ Stefan Bader ]
* CVE-2017-5715 // CVE-2017-5753
- x86, microcode: Share native MSR accessing variants
- x86: Add another set of MSR accessor functions
- x86/cpuid: Provide get_scattered_cpuid_leaf()
- kvm: vmx: Scrub hardware GPRs at VM-exit
- SAUCE: locking/barriers: introduce new memory barrier gmb()
- SAUCE: uvcvideo: prevent speculative execution
- SAUCE: carl9170: prevent speculative execution
- SAUCE: p54: prevent speculative execution
- SAUCE: qla2xxx: prevent speculative execution
- SAUCE: cw1200: prevent speculative execution
- SAUCE: userns: prevent speculative execution
- SAUCE: fs: prevent speculative execution
- SAUCE: udf: prevent speculative execution
- SAUCE: x86/feature: Enable the x86 feature to control Speculation
- SAUCE: x86/feature: Report presence of IBPB and IBRS control
- SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
- SAUCE: x86/enter: Use IBRS on syscall and interrupts
- SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
- SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- SAUCE: x86/mm: Set IBPB upon context switch
- SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
thread
- SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- SAUCE: x86/kvm: Set IBPB when switching VM
- SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
- SAUCE: x86/kvm: Pad RSB on VM transition
- SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- SAUCE: x86/entry: Use retpoline for syscall's indirect calls
- SAUCE: x86/cpu/AMD: Add speculative control support for AMD
- SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
- SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
- SAUCE: x86/svm: Set IBRS value on VM entry and exit
- SAUCE: x86/svm: Set IBPB when running a different VCPU
- SAUCE: KVM: x86: Add speculative control CPUID support for guests
- SAUCE: x86/svm: Add code to clobber the RSB on VM exit
- SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized
- SAUCE: x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
- SAUCE: arm64: no gmb() implementation yet
- SAUCE: arm: no gmb() implementation yet
- SAUCE: powerpc: no gmb() implementation yet
* Do not duplicate changelog entries assigned to more than one bug or CVE
(LP: #1743383)
- [Packaging] git-ubuntu-log -- handle multiple bugs/cves better
-- Stefan Bader <email address hidden> Fri, 19 Jan 2018 13:23:30 +0100
This bug was fixed in the package linux - 3.13.0-141.190
---------------
linux (3.13.0-141.190) trusty; urgency=low
* linux: 3.13.0-141.190 -proposed tracker (LP: #1744308)
* ubuntu_32_on_64 test crash Trusty 3.13.0-140 amd64 system (LP: #1744199) // too_early_ vsyscall from ubuntu_ qrt_kernel_ panic crashes Trusty
test_
3.13.0-140 amd64 system (LP: #1744226) // CVE-2017-5715 // CVE-2017-5753
- SAUCE: x86/entry: Fixup 32bit compat call locations
* CVE-2017-5715 // CVE-2017-5753
- SAUCE: x86/cpuid: Fix ordering of scattered feature list
- SAUCE: KVM: Fix spec_ctrl CPUID support for guests
* CVE-2017-5754
- kaiser: Set _PAGE_NX only if supported
- kaiser: Set _PAGE_NX only if supported
linux (3.13.0-140.189) trusty; urgency=low
* linux: 3.13.0-140.189 -proposed tracker (LP: #1743375)
[ Stefan Bader ] cpuid_leaf( )
* CVE-2017-5715 // CVE-2017-5753
- x86, microcode: Share native MSR accessing variants
- x86: Add another set of MSR accessor functions
- x86/cpuid: Provide get_scattered_
- kvm: vmx: Scrub hardware GPRs at VM-exit
- SAUCE: locking/barriers: introduce new memory barrier gmb()
- SAUCE: uvcvideo: prevent speculative execution
- SAUCE: carl9170: prevent speculative execution
- SAUCE: p54: prevent speculative execution
- SAUCE: qla2xxx: prevent speculative execution
- SAUCE: cw1200: prevent speculative execution
- SAUCE: userns: prevent speculative execution
- SAUCE: fs: prevent speculative execution
- SAUCE: udf: prevent speculative execution
- SAUCE: x86/feature: Enable the x86 feature to control Speculation
- SAUCE: x86/feature: Report presence of IBPB and IBRS control
- SAUCE: x86/enter: MACROS to set/clear IBRS and set IBPB
- SAUCE: x86/enter: Use IBRS on syscall and interrupts
- SAUCE: x86/idle: Disable IBRS entering idle and enable it on wakeup
- SAUCE: x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- SAUCE: x86/mm: Set IBPB upon context switch
- SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current
thread
- SAUCE: x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- SAUCE: x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- SAUCE: x86/kvm: Set IBPB when switching VM
- SAUCE: x86/kvm: Toggle IBRS on VM entry and exit
- SAUCE: x86/kvm: Pad RSB on VM transition
- SAUCE: x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- SAUCE: x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- SAUCE: x86/entry: Use retpoline for syscall's indirect calls
- SAUCE: x86/cpu/AMD: Add speculative control support for AMD
- SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
- SAUCE: KVM: SVM: Do not intercept new speculative control MSRs
- SAUCE: x86/svm: Set IBRS value on VM entry and exit
- SAUCE: x86/svm: Set IBPB when running a different VCPU
- SAUCE: KVM: x86: Add speculative control CPUID support for guests
- SAUCE: x86/svm: Add code to clobber the RSB on VM exit
- SAUCE: x86/cpu/AMD: Make the LFENCE instruction serialized
- SAUCE: x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
- SAUCE: arm64: no gmb() implementation yet
- SAUCE: arm: no gmb() implementation yet
- SAUCE: powerpc: no gmb() implementation yet
* Do not duplicate changelog entries assigned to more than one bug or CVE
(LP: #1743383)
- [Packaging] git-ubuntu-log -- handle multiple bugs/cves better
-- Stefan Bader <email address hidden> Fri, 19 Jan 2018 13:23:30 +0100