Merge ~cypressyew/ubuntu-cve-tracker:intel-5.13 into ubuntu-cve-tracker:master

Proposed by Po-Hsu Lin
Status: Merged
Merged at revision: 23df71551e8844eda6e092dae40386a6a807f195
Proposed branch: ~cypressyew/ubuntu-cve-tracker:intel-5.13
Merge into: ubuntu-cve-tracker:master
Diff against target: 105 lines (+24/-1)
6 files modified
active/00boilerplate.linux (+10/-0)
active/CVE-2021-3653 (+2/-1)
active/CVE-2021-40490 (+1/-0)
meta_lists/package_info_overrides.json (+4/-0)
scripts/cve_lib.py (+1/-0)
scripts/kernel_lib.py (+6/-0)
Reviewer Review Type Date Requested Status
Steve Beattie Approve
Review via email: mp+408843@code.launchpad.net

Commit message

Add tracking for focal/linux-intel-5.13 kernel

Add tracking for F-intel-5.13 based on 14f96c290581

Steve Beattie (sbeattie) wrote :

Thanks, I've merged this despite linux-intel-5.13 not having left focal-proposed, which makes it a little annoying on our side to track (for security team members, it meant I had to add the kernel to the unpublished list in check-syntax). I did have to fix up the boilerplate as it had incorrectly marked bionic as the release and not focal.

For entirely new kernel variants like linux-intel, there are a couple of other tools that have to be touched up that I fixed in a followup commit.

Thanks again for the merge request, I do appreciate getting notified of newly added kernel variants that we should be tracking.

review: Approve

Preview Diff

1diff --git a/active/00boilerplate.linux b/active/00boilerplate.linux
2index fd27057..cfae84a 100644
3--- a/active/00boilerplate.linux
4+++ b/active/00boilerplate.linux
5@@ -396,6 +396,16 @@ focal_linux-gkeop-5.4: DNE
6 hirsute_linux-gkeop-5.4: DNE
7 devel_linux-gkeop-5.4: DNE
8
9+Patches_linux-intel-5.13:
10+upstream_linux-intel-5.13: needs-triage
11+trusty_linux-intel-5.13: DNE
12+trusty/esm_linux-intel-5.13: DNE
13+xenial_linux-intel-5.13: DNE
14+bionic_linux-intel-5.13: needs-triage
15+focal_linux-intel-5.13: DNE
16+hirsute_linux-intel-5.13: DNE
17+devel_linux-intel-5.13: DNE
18+
19 Patches_linux-oracle:
20 upstream_linux-oracle: needs-triage
21 trusty_linux-oracle: DNE
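Review bot: the release statuses in the new linux-intel-5.13 stanza look swapped. The stanza sets `bionic_linux-intel-5.13: needs-triage` and `focal_linux-intel-5.13: DNE`, while the commit message and the `add_new_kernel('focal', ['linux-intel-5.13'], ...)` line in scripts/kernel_lib.py both place this kernel in focal. Suggest `bionic_linux-intel-5.13: DNE` and `focal_linux-intel-5.13: needs-triage`, otherwise every CVE file generated from this boilerplate will track the kernel against the wrong release.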
22diff --git a/active/CVE-2021-3653 b/active/CVE-2021-3653
23index 3d5a703..951ed1d 100644
24--- a/active/CVE-2021-3653
25+++ b/active/CVE-2021-3653
26@@ -25,6 +25,7 @@ Ubuntu-Description:
27 enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
28 to write to portions of the host's physical memory.
29 Notes:
30+ cascardo> trusty libvirt/qemu does not create nested capable VMs by default
31 Mitigation:
32 Disable nested virtualisation when loading the KVM AMD module:
33 modprobe kvm_amd nested=0
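Review bot: the added `cascardo>` line under `Notes:` is a triage note for CVE-2021-3653 and has nothing to do with linux-intel-5.13, which is the only thing the commit message describes. Suggest moving it (together with the status change in the next hunk) into its own commit so the history for this CVE file explains why the note was added.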
34@@ -38,7 +39,7 @@ Patches_linux:
35 break-fix: 3d6368ef580a4dff012960834bba4e28d3c1430c 0f923e07124df069ba68d8bb12324398f4b6b709|local-CVE-2021-3653-fix
36 upstream_linux: released (5.14~rc7)
37 trusty_linux: ignored (out of standard support)
38-trusty/esm_linux: needed
39+trusty/esm_linux: ignored (ESM criteria, not a high on 3.13)
40 xenial_linux: ignored (was needs-triage now end-of-life)
41 esm-infra/xenial_linux: released (4.4.0-214.246)
42 bionic_linux: released (4.15.0-156.163)
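Review bot: the new reason on `trusty/esm_linux: ignored (ESM criteria, not a high on 3.13)` drops the previous state, whereas the neighbouring entry records it (`xenial_linux: ignored (was needs-triage now end-of-life)`). Suggest keeping the prior status in the parenthetical, for example `ignored (was needed, ESM criteria, not a high on 3.13)`, so the change from `needed` stays visible in the file itself.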
43diff --git a/active/CVE-2021-40490 b/active/CVE-2021-40490
44index b7c20dd..9b162aa 100644
45--- a/active/CVE-2021-40490
46+++ b/active/CVE-2021-40490
47@@ -18,6 +18,7 @@ CVSS:
48 nvd: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
49
50 Patches_linux:
51+ break-fix: f19d5870cbf72d4cb2a8e1f749dff97af99b071e a54c4613dac1500b40e4ab55199f7c51f028e848
52 upstream_linux: needs-triage
53 trusty_linux: ignored (out of standard support)
54 trusty/esm_linux: ignored (was needs-triage ESM criteria)
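Review bot: the added `break-fix:` line names a fixing commit as its second hash, yet `upstream_linux: needs-triage` directly below it is left unchanged. If that fix is already in an upstream release, update `upstream_linux` in the same change; if not, a short note saying the fix is not yet released would explain why the two lines disagree.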
55diff --git a/meta_lists/package_info_overrides.json b/meta_lists/package_info_overrides.json
56index 34cfb10..d0abd6b 100644
57--- a/meta_lists/package_info_overrides.json
58+++ b/meta_lists/package_info_overrides.json
59@@ -1239,6 +1239,10 @@
60 "description": "Linux hardware enablement (HWE) testing kernel",
61 "title": "Linux kernel (HWE)"
62 },
63+ "linux-intel-5.13": {
64+ "description": "Linux kernel for Intel IOTG",
65+ "title": "Linux kernel (Intel IOTG)"
66+ },
67 "linux-joule": {
68 "description": "Linux kernel for Intel Joule systems",
69 "title": "Linux kernel (Intel Joule)"
70diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
71index c706a61..0ef60ad 100755
72--- a/scripts/cve_lib.py
73+++ b/scripts/cve_lib.py
74@@ -221,6 +221,7 @@ kernel_srcs = set(['linux',
75 'linux-gke-5.4',
76 'linux-gkeop',
77 'linux-gkeop-5.4',
78+ 'linux-intel-5.13',
79 'linux-kvm',
80 'linux-oem',
81 'linux-oem-5.4',
82diff --git a/scripts/kernel_lib.py b/scripts/kernel_lib.py
83index b9bfa18..d299236 100755
84--- a/scripts/kernel_lib.py
85+++ b/scripts/kernel_lib.py
86@@ -195,6 +195,7 @@ meta_kernels.add_new_kernel('focal', ['linux-raspi2'], '-5.4.0', signed=False)
87 meta_kernels.add_new_kernel('focal', ['linux-oem-5.6'], '-5.6.0')
88 meta_kernels.add_new_kernel('focal', ['linux-oem-5.10'], '-5.10.0')
89 meta_kernels.add_new_kernel('focal', ['linux-oem-5.13'], '-5.13.0')
90+meta_kernels.add_new_kernel('focal', ['linux-intel-5.13'], '-5.13.0')
91 meta_kernels.add_new_kernel('focal', ['linux-aws'], '-5.4.0', signed=False)
92 meta_kernels.add_new_kernel('focal', ['linux-aws-5.8'], '-5.8.0', signed=False)
93 meta_kernels.add_new_kernel('focal', ['linux-aws-5.11'], '-5.11.0', signed=False)
94@@ -556,6 +557,11 @@ kernel_glitches = {
95 '~': '5.13.0-1011.15', # initial publication
96 },
97 },
98+ 'linux-intel-5.13': {
99+ 'focal': {
100+ '~': '5.13.0-1004.4', # initial publication
101+ },
102+ },
103 'linux-oracle': {
104 'xenial': {
105 '~': '4.15.0-1008.10~16.04.1',
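Review bot: the `'~': '5.13.0-1004.4'` entry for focal is commented `# initial publication`, but the commit message does not say where that version was published, and the approval comment on this proposal states that linux-intel-5.13 had not left focal-proposed. Suggest confirming the version against the archive and making the comment say which pocket it refers to, so the first-published version used for tracking is not taken from a -proposed upload that may be superseded.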
