Disco update: 5.0.16 upstream stable release

Bug #1835580 reported by Connor Kuehl
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Invalid | Undecided | Unassigned |
Disco | Fix Released | Medium | Stefan Bader |

Bug Description

    SRU Justification

    Impact:
       The upstream process for stable tree updates is quite similar
       in scope to the Ubuntu SRU process, e.g., each patch has to
       demonstrably fix a bug, and each patch is vetted by upstream
       by originating either directly from a mainline/stable Linux tree or
       a minimally backported form of that patch. The following upstream
       stable patches should be included in the Ubuntu kernel:

       5.0.16 upstream stable release
       from git://git.kernel.org/

Connor Kuehl (connork)
Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-stable-tracking-bug
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Disco):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Connor Kuehl (connork)
Connor Kuehl (connork)
Changed in linux (Ubuntu Disco):
status: In Progress → New
assignee: Connor Kuehl (connork) → nobody
Stefan Bader (smb)
Changed in linux (Ubuntu Disco):
assignee: nobody → Stefan Bader (smb)
status: New → In Progress
Stefan Bader (smb) wrote :

Already applied for CVE-2018-12126, CVE-2018-12127, CVE-2018-12130:
- "x86/msr-index: Cleanup bit defines"
- "x86/speculation: Consolidate CPU whitelists"
- "x86/speculation/mds: Add basic bug infrastructure for MDS"
- "x86/speculation/mds: Add BUG_MSBDS_ONLY"
- "x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests"
- "x86/speculation/mds: Add mds_clear_cpu_buffers()"
- "x86/speculation/mds: Clear CPU buffers on exit to user"
- "x86/kvm/vmx: Add MDS protection when L1D Flush is not active"
- "x86/speculation/mds: Conditionally clear CPU buffers on idle entry"
- "x86/speculation/mds: Add mitigation control for MDS"
- "x86/speculation/mds: Add sysfs reporting for MDS"
- "x86/speculation/mds: Add mitigation mode VMWERV"
- "Documentation: Move L1TF to separate directory"
- "Documentation: Add MDS vulnerability documentation"
- "x86/speculation/mds: Add mds=full,nosmt cmdline option"
- "x86/speculation: Move arch_smt_update() call to after mitigation decisions"
- "x86/speculation/mds: Add SMT warning message"
- "x86/speculation/mds: Fix comment"
- "x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off"
- "cpu/speculation: Add 'mitigations=' cmdline option"
- "x86/speculation: Support 'mitigations=' cmdline option"
- "powerpc/speculation: Support 'mitigations=' cmdline option"
- "s390/speculation: Support 'mitigations=' cmdline option"
- "x86/speculation/mds: Add 'mitigations=' support for MDS"

Already applied for CVE-2019-11091:
- "x86/mds: Add MDSUM variant to the MDS documentation"

Already applied for CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091:
- "Documentation: Correct the possible MDS sysfs values"
- "x86/speculation/mds: Fix documentation typo"

This upstream stable was already completely applied for security.

Changed in linux (Ubuntu Disco):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 5.0.0-25.26

---------------
linux (5.0.0-25.26) disco; urgency=medium

  * CVE-2019-1125
    - x86/cpufeatures: Carve out CQM features retrieval
    - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
    - x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
    - x86/speculation: Enable Spectre v1 swapgs mitigations
    - x86/entry/64: Use JMP instead of JMPQ
    - x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS

 -- Kleber Sacilotto de Souza <email address hidden> Thu, 01 Aug 2019 12:04:35 +0200

Changed in linux (Ubuntu Disco):
status: Fix Committed → Fix Released