Ubuntu
linux package

That option will disable AVX on systems where microcode mitigation has not
been provided. Though it can be flipeed by a boot option, it has been shown
to break some versions of gnutls, which are used by apt or git when dealing
with https.

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Roxana Nicolescu <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

ade2b66... by Stefan Bader on 2023-08-14

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Stefan Bader <email address hidden>

57d5298... by Stefan Bader on 2023-08-09

UBUNTU: Ubuntu-6.2.0-30.30

Signed-off-by: Stefan Bader <email address hidden>

1eda33b... by Stefan Bader on 2023-08-09

UBUNTU: [Config] Record gcc and pahole updates

Binutils were updated. Update versions in annotations.

Ignore: yes
Signed-off-by: Stefan Bader <email address hidden>

d311aee... by Stefan Bader on 2023-08-09

UBUNTU: link-to-tracker: update tracking bug

BugLink: https://bugs.launchpad.net/bugs/2030381
Properties: no-test-build
Signed-off-by: Stefan Bader <email address hidden>

3edbe24... by Thadeu Lima de Souza Cascardo on 2023-08-07

UBUNTU: [Config]: Enable CONFIG_ARCH_HAS_CPU_FINALIZE_INIT and CONFIG_GDS_FORCE_MITIGATION

CVE-2022-40982
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Roxana Nicolescu <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

f88fa53... by Dave Hansen <email address hidden> on 2023-08-01

Documentation/x86: Fix backwards on/off logic about YMM support

These options clearly turn *off* XSAVE YMM support. Correct the
typo.

Reported-by: Ben Hutchings <email address hidden>
Fixes: 553a5c03e90a ("x86/speculation: Add force option to GDS mitigation")
Signed-off-by: Dave Hansen <email address hidden>

(cherry picked from commit 1b0fc0345f2852ffe54fb9ae0e12e2ee69ad6a20)
CVE-2022-40982
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Roxana Nicolescu <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

cd25885... by Daniel Sneddon <email address hidden> on 2023-07-13

KVM: Add GDS_NO support to KVM

Gather Data Sampling (GDS) is a transient execution attack using
gather instructions from the AVX2 and AVX512 extensions. This attack
allows malicious code to infer data that was previously stored in
vector registers. Systems that are not vulnerable to GDS will set the
GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR. This is useful for VM
guests that may think they are on vulnerable systems that are, in
fact, not affected. Guests that are running on affected hosts where
the mitigation is enabled are protected as if they were running
on an unaffected system.

On all hosts that are not affected or that are mitigated, set the
GDS_NO bit.

Signed-off-by: Daniel Sneddon <email address hidden>
Signed-off-by: Dave Hansen <email address hidden>
Acked-by: Josh Poimboeuf <email address hidden>

(cherry picked from commit 81ac7e5d741742d650b4ed6186c4826c1a0631a7)
CVE-2022-40982
Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>
Acked-by: Roxana Nicolescu <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

Ubuntulinux package

~cascardo/ubuntu/+source/linux/+git/lunar-1:master-prep

Branch merges

Related source package recipes

Related snap packages

Related charm recipes

Branch information

Recent commits

Ubuntu
linux package