Ubuntu CVE Tracker

Merge ~cypressyew/ubuntu-cve-tracker:oem-5.14 into ubuntu-cve-tracker:master

  1. Git
  2. lp:~cypressyew/ubuntu-cve-tracker
  3. oem-5.14
  4. Merge into master
Proposed by Po-Hsu Lin
Status: Merged
Merged at revision: abbf2985ceb1070a7af7a2c65a460e8c616cbf4f
Proposed branch: ~cypressyew/ubuntu-cve-tracker:oem-5.14
Merge into: ubuntu-cve-tracker:master
Diff against target: 105 lines (+24/-1)
6 files modified
active/00boilerplate.linux (+10/-0)
active/CVE-2021-3653 (+2/-1)
active/CVE-2021-40490 (+1/-0)
meta_lists/package_info_overrides.json (+4/-0)
scripts/cve_lib.py (+1/-0)
scripts/kernel_lib.py (+6/-0)
Reviewer Review Type Date Requested Status
Steve Beattie Approve
Review via email: mp+408790@code.launchpad.net

Commit message

Add tracking for focal/linux-oem-5.14 kernel

Add tracking for F-OEM-5.14 based on 14f96c290581

To post a comment you must log in.
Revision history for this message
Steve Beattie (sbeattie) wrote :

Thanks for the merge request, I've gone ahead and merged it, along with adding the kernel to the actively tracked kernel CVEs.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/active/00boilerplate.linux b/active/00boilerplate.linux
2index fd27057..c0c23e9 100644
3--- a/active/00boilerplate.linux
4+++ b/active/00boilerplate.linux
5@@ -499,6 +499,16 @@ focal_linux-oem-5.13: needs-triage
6 hirsute_linux-oem-5.13: DNE
7 devel_linux-oem-5.13: DNE
8
9+Patches_linux-oem-5.14:
10+upstream_linux-oem-5.14: needs-triage
11+trusty_linux-oem-5.14: DNE
12+trusty/esm_linux-oem-5.14: DNE
13+xenial_linux-oem-5.14: DNE
14+bionic_linux-oem-5.14: DNE
15+focal_linux-oem-5.14: needs-triage
16+hirsute_linux-oem-5.14: DNE
17+devel_linux-oem-5.14: DNE
18+
19 Patches_linux-oem-osp1:
20 upstream_linux-oem-osp1: needs-triage
21 trusty_linux-oem-osp1: DNE
22diff --git a/active/CVE-2021-3653 b/active/CVE-2021-3653
23index 3d5a703..951ed1d 100644
24--- a/active/CVE-2021-3653
25+++ b/active/CVE-2021-3653
26@@ -25,6 +25,7 @@ Ubuntu-Description:
27 enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
28 to write to portions of the host's physical memory.
29 Notes:
30+ cascardo> trusty libvirt/qemu does not create nested capable VMs by default
31 Mitigation:
32 Disable nested virtualisation when loading the KVM AMD module:
33 modprobe kvm_amd nested=0
34@@ -38,7 +39,7 @@ Patches_linux:
35 break-fix: 3d6368ef580a4dff012960834bba4e28d3c1430c 0f923e07124df069ba68d8bb12324398f4b6b709|local-CVE-2021-3653-fix
36 upstream_linux: released (5.14~rc7)
37 trusty_linux: ignored (out of standard support)
38-trusty/esm_linux: needed
39+trusty/esm_linux: ignored (ESM criteria, not a high on 3.13)
40 xenial_linux: ignored (was needs-triage now end-of-life)
41 esm-infra/xenial_linux: released (4.4.0-214.246)
42 bionic_linux: released (4.15.0-156.163)
43diff --git a/active/CVE-2021-40490 b/active/CVE-2021-40490
44index b7c20dd..9b162aa 100644
45--- a/active/CVE-2021-40490
46+++ b/active/CVE-2021-40490
47@@ -18,6 +18,7 @@ CVSS:
48 nvd: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
49
50 Patches_linux:
51+ break-fix: f19d5870cbf72d4cb2a8e1f749dff97af99b071e a54c4613dac1500b40e4ab55199f7c51f028e848
52 upstream_linux: needs-triage
53 trusty_linux: ignored (out of standard support)
54 trusty/esm_linux: ignored (was needs-triage ESM criteria)
55diff --git a/meta_lists/package_info_overrides.json b/meta_lists/package_info_overrides.json
56index 34cfb10..5a3e9ca 100644
57--- a/meta_lists/package_info_overrides.json
58+++ b/meta_lists/package_info_overrides.json
59@@ -1311,6 +1311,10 @@
60 "description": "Linux kernel for OEM systems",
61 "title": "Linux kernel (OEM)"
62 },
63+ "linux-oem-5.14": {
64+ "description": "Linux kernel for OEM systems",
65+ "title": "Linux kernel (OEM)"
66+ },
67 "linux-oem-5.6": {
68 "description": "Linux kernel for OEM systems",
69 "title": "Linux kernel (OEM)"
70diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
71index c706a61..2d896f6 100755
72--- a/scripts/cve_lib.py
73+++ b/scripts/cve_lib.py
74@@ -227,6 +227,7 @@ kernel_srcs = set(['linux',
75 'linux-oem-5.6',
76 'linux-oem-5.10',
77 'linux-oem-5.13',
78+ 'linux-oem-5.14',
79 'linux-oem-osp1',
80 'linux-oracle',
81 'linux-oracle-5.0',
82diff --git a/scripts/kernel_lib.py b/scripts/kernel_lib.py
83index b9bfa18..ae121d2 100755
84--- a/scripts/kernel_lib.py
85+++ b/scripts/kernel_lib.py
86@@ -195,6 +195,7 @@ meta_kernels.add_new_kernel('focal', ['linux-raspi2'], '-5.4.0', signed=False)
87 meta_kernels.add_new_kernel('focal', ['linux-oem-5.6'], '-5.6.0')
88 meta_kernels.add_new_kernel('focal', ['linux-oem-5.10'], '-5.10.0')
89 meta_kernels.add_new_kernel('focal', ['linux-oem-5.13'], '-5.13.0')
90+meta_kernels.add_new_kernel('focal', ['linux-oem-5.14'], '-5.14.0')
91 meta_kernels.add_new_kernel('focal', ['linux-aws'], '-5.4.0', signed=False)
92 meta_kernels.add_new_kernel('focal', ['linux-aws-5.8'], '-5.8.0', signed=False)
93 meta_kernels.add_new_kernel('focal', ['linux-aws-5.11'], '-5.11.0', signed=False)
94@@ -556,6 +557,11 @@ kernel_glitches = {
95 '~': '5.13.0-1011.15', # initial publication
96 },
97 },
98+ 'linux-oem-5.14': {
99+ 'focal': {
100+ '~': '5.14.0-1002.2', # initial publication
101+ },
102+ },
103 'linux-oracle': {
104 'xenial': {
105 '~': '4.15.0-1008.10~16.04.1',

Subscribers

People subscribed via source and target branches