canonical-hw-cert team mailing list archive

[Bug 1983615] Re: focal/linux-lowlatency-hwe-5.15: 5.15.0-45.48~20.04.1 -proposed tracker

 

This bug was fixed in the package linux-lowlatency-hwe-5.15 -
5.15.0-46.49~20.04.1

---------------
linux-lowlatency-hwe-5.15 (5.15.0-46.49~20.04.1) focal; urgency=medium

  [ Ubuntu: 5.15.0-46.49 ]

  * CVE-2022-2585
    - SAUCE: posix-cpu-timers: Cleanup CPU timers before freeing them during exec
  * CVE-2022-2586
    - SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table
    - SAUCE: netfilter: nf_tables: do not allow CHAIN_ID to refer to another table
    - SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another chain
  * CVE-2022-2588
    - SAUCE: net_sched: cls_route: remove from list when handle is 0

linux-lowlatency-hwe-5.15 (5.15.0-45.48~20.04.1) focal; urgency=medium

  * focal/linux-lowlatency-hwe-5.15: 5.15.0-45.48~20.04.1 -proposed tracker
    (LP: #1983615)

  [ Ubuntu: 5.15.0-45.48 ]

  * jammy/linux-lowlatency: 5.15.0-45.48 -proposed tracker (LP: #1983064)
  * CVE-2022-29900 // CVE-2022-29901
    - x86/lib/atomic64_386_32: Rename things
    - x86: Prepare asm files for straight-line-speculation
    - x86: Prepare inline-asm for straight-line-speculation
    - x86/alternative: Relax text_poke_bp() constraint
    - kbuild: move objtool_args back to scripts/Makefile.build
    - x86: Add straight-line-speculation mitigation
    - kvm/emulate: Fix SETcc emulation function offsets with SLS
    - crypto: x86/poly1305 - Fixup SLS
    - objtool: Add straight-line-speculation validation
    - objtool: Fix SLS validation for kcov tail-call replacement
    - objtool: Fix objtool regression on x32 systems
    - objtool: Fix symbol creation
    - objtool: Introduce CFI hash
    - objtool: Default ignore INT3 for unreachable
    - x86, kvm: use proper ASM macros for kvm_vcpu_is_preempted
    - x86/traps: Use pt_regs directly in fixup_bad_iret()
    - x86/entry: Switch the stack after error_entry() returns
    - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
    - x86/entry: Don't call error_entry() for XENPV
    - x86/entry: Remove skip_r11rcx
    - x86/realmode: build with -D__DISABLE_EXPORTS
    - x86/ibt,ftrace: Make function-graph play nice
    - x86/kvm/vmx: Make noinstr clean
    - x86/cpufeatures: Move RETPOLINE flags to word 11
    - x86/retpoline: Cleanup some #ifdefery
    - x86/retpoline: Swizzle retpoline thunk
    - x86/retpoline: Use -mfunction-return
    - x86: Undo return-thunk damage
    - x86,objtool: Create .return_sites
    - objtool: skip non-text sections when adding return-thunk sites
    - x86,static_call: Use alternative RET encoding
    - x86/ftrace: Use alternative RET encoding
    - x86/bpf: Use alternative RET encoding
    - x86/kvm: Fix SETcc emulation for return thunks
    - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
    - x86/sev: Avoid using __x86_return_thunk
    - x86: Use return-thunk in asm code
    - x86/entry: Avoid very early RET
    - objtool: Treat .text.__x86.* as noinstr
    - x86: Add magic AMD return-thunk
    - x86/bugs: Report AMD retbleed vulnerability
    - x86/bugs: Add AMD retbleed= boot parameter
    - x86/bugs: Enable STIBP for JMP2RET
    - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
    - x86/entry: Add kernel IBRS implementation
    - x86/bugs: Optimize SPEC_CTRL MSR writes
    - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
    - x86/bugs: Split spectre_v2_select_mitigation() and
      spectre_v2_user_select_mitigation()
    - x86/bugs: Report Intel retbleed vulnerability
    - intel_idle: Disable IBRS during long idle
    - objtool: Update Retpoline validation
    - x86/xen: Rename SYS* entry points
    - x86/xen: Add UNTRAIN_RET
    - x86/bugs: Add retbleed=ibpb
    - x86/bugs: Do IBPB fallback check only once
    - objtool: Add entry UNRET validation
    - x86/cpu/amd: Add Spectral Chicken
    - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
    - x86/speculation: Fix firmware entry SPEC_CTRL handling
    - x86/speculation: Fix SPEC_CTRL write on SMT state change
    - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
    - x86/speculation: Remove x86_spec_ctrl_mask
    - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE}
    - KVM: VMX: Flatten __vmx_vcpu_run()
    - KVM: VMX: Convert launched argument to flags
    - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
    - KVM: VMX: Fix IBRS handling after vmexit
    - x86/speculation: Fill RSB on vmexit for IBRS
    - KVM: VMX: Prevent RSB underflow before vmenter
    - x86/common: Stamp out the stepping madness
    - x86/cpu/amd: Enumerate BTC_NO
    - x86/retbleed: Add fine grained Kconfig knobs
    - x86/bugs: Add Cannon lake to RETBleed affected CPU list
    - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
    - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
    - x86/kexec: Disable RET on kexec
    - x86/speculation: Disable RRSBA behavior
    - [Config]: Enable speculation mitigations
    - x86/static_call: Serialize __static_call_fixup() properly
    - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit
    - x86/bugs: Mark retbleed_strings static
    - x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
    - x86/kvm: fix FASTOP_SIZE when return thunks are enabled
    - x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
    - KVM: emulate: do not adjust size of fastop and setcc subroutines
    - x86/bugs: Remove apostrophe typo
    - efi/x86: use naked RET on mixed mode call wrapper

 -- Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx>  Mon, 08 Aug 2022 08:34:25 -0300

** Changed in: linux-lowlatency-hwe-5.15 (Ubuntu Focal)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2585

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2586

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2588

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29900

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29901

-- 
You received this bug notification because you are a member of
hardware-certification-users, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1983615

Title:
  focal/linux-lowlatency-hwe-5.15: 5.15.0-45.48~20.04.1 -proposed tracker

Status in Kernel SRU Workflow:
  In Progress
Status in Kernel SRU Workflow automated-testing series:
  Incomplete
Status in Kernel SRU Workflow boot-testing series:
  Fix Released
Status in Kernel SRU Workflow certification-testing series:
  Invalid
Status in Kernel SRU Workflow new-review series:
  Fix Released
Status in Kernel SRU Workflow prepare-package series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrg series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrm series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-lrs series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-meta series:
  Fix Released
Status in Kernel SRU Workflow prepare-package-signed series:
  Fix Released
Status in Kernel SRU Workflow promote-signing-to-proposed series:
  Invalid
Status in Kernel SRU Workflow promote-to-proposed series:
  Fix Released
Status in Kernel SRU Workflow promote-to-security series:
  New
Status in Kernel SRU Workflow promote-to-updates series:
  New
Status in Kernel SRU Workflow regression-testing series:
  Incomplete
Status in Kernel SRU Workflow security-signoff series:
  Fix Released
Status in Kernel SRU Workflow sru-review series:
  Fix Released
Status in Kernel SRU Workflow verification-testing series:
  Fix Released
Status in linux-lowlatency-hwe-5.15 source package in Focal:
  Fix Released

Bug description:
  This bug will contain status and test results related to a kernel
  source (or snap) as stated in the title.

  For an explanation of the tasks and the associated workflow see:
    https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

  -- swm properties --
  boot-testing-requested: true
  bugs-spammed: true
  built:
    from: a21c75205ab64df8
    route-entry: 1
  delta:
    promote-to-proposed: [main, lrs, meta, lrm, signed, lrg]
  flag:
    boot-testing-requested: true
    bugs-spammed: true
    proposed-announcement-sent: true
    proposed-testing-requested: true
  issue: KSRU-4524
  kernel-stable-master-bug: 1983064
  packages:
    lrg: linux-restricted-generate-lowlatency-hwe-5.15
    lrm: linux-restricted-modules-lowlatency-hwe-5.15
    lrs: linux-restricted-signatures-lowlatency-hwe-5.15
    main: linux-lowlatency-hwe-5.15
    meta: linux-meta-lowlatency-hwe-5.15
    signed: linux-signed-lowlatency-hwe-5.15
  phase: Testing
  phase-changed: Friday, 05. August 2022 17:06 UTC
  proposed-announcement-sent: true
  proposed-testing-requested: true
  reason:
    automated-testing: Stalled -s testing FAILED
    regression-testing: Stalled -s testing FAILED
  synthetic:
    :promote-to-as-proposed: Fix Released
  variant: debs
  versions:
    lrm: 5.15.0-45.48~20.04.1
    main: 5.15.0-45.48~20.04.1
    meta: 5.15.0.45.48~20.04.14
    signed: 5.15.0-45.48~20.04.1
  ~~:
    clamps:
      new-review: a21c75205ab64df8
      promote-to-proposed: a21c75205ab64df8
      self: 5.15.0-45.48~20.04.1
      sru-review: a21c75205ab64df8

To manage notifications about this bug go to:
https://bugs.launchpad.net/kernel-sru-workflow/+bug/1983615/+subscriptions