
group.of.nepali.translators team mailing list archive

[Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation

 

This bug was fixed in the package linux - 3.13.0-157.207

---------------
linux (3.13.0-157.207) trusty; urgency=medium

  * linux: 3.13.0-157.207 -proposed tracker (LP: #1787982)

  * CVE-2017-5715 (Spectre v2 retpoline)
    - SAUCE: Fix "x86/retpoline/entry: Convert entry assembler indirect jumps"

  * CVE-2017-2583
    - KVM: x86: fix emulation of "MOV SS, null selector"

  * CVE-2017-7518
    - KVM: x86: fix singlestepping over syscall

  * CVE-2017-18270
    - KEYS: prevent creating a different user's keyrings

  * Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - x86/kvm: Update spectre-v1 mitigation
    - nospec: Allow index argument to have const-qualified type
    - nospec: Move array_index_nospec() parameter checking into separate macro
    - nospec: Kill array_index_nospec_mask_check()
    - SAUCE: Replace osb() calls with array_index_nospec()
    - SAUCE: Rename osb() to barrier_nospec()
    - SAUCE: x86: Use barrier_nospec in arch/x86/um/asm/barrier.h

  * Prevent speculation on user controlled pointer (LP: #1775137)
    - x86: reorganize SMAP handling in user space accesses
    - x86: fix SMAP in 32-bit environments
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

  * CVE-2016-10208
    - ext4: validate s_first_meta_bg at mount time
    - ext4: fix fencepost in s_first_meta_bg validation

  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree

  * CVE-2017-16911
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address

  * CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation

  * CVE-2018-10877
    - ext4: verify the depth of extent tree in ext4_find_extent()

  * CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data

  * CVE-2018-1092
    - ext4: fail ext4_iget for root directory if unallocated

  * CVE-2018-1093
    - ext4: fix block bitmap validation when bigalloc, ^flex_bg
    - ext4: add validity checks for bitmap block numbers

  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size

  * CVE-2017-16912
    - usbip: fix stub_rx: get_pipe() to validate endpoint number

  * CVE-2018-10675
    - mm/mempolicy: fix use after free when calling get_mempolicy

  * CVE-2017-8831
    - saa7164: fix sparse warnings
    - saa7164: fix double fetch PCIe access condition

  * CVE-2017-16533
    - HID: usbhid: fix out-of-bounds bug

  * CVE-2017-16538
    - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
    - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start

  * CVE-2017-16644
    - hdpvr: Remove deprecated create_singlethread_workqueue
    - media: hdpvr: Fix an error handling path in hdpvr_probe()

  * CVE-2017-16645
    - Input: ims-psu - check if CDC union descriptor is sane

  * CVE-2017-5549
    - USB: serial: kl5kusb105: fix line-state error handling

  * CVE-2017-16532
    - usb: usbtest: fix NULL pointer dereference

  * CVE-2017-16537
    - media: imon: Fix null-ptr-deref in imon_probe

  * CVE-2017-11472
    - ACPICA: Add additional debug info/statements
    - ACPICA: Namespace: fix operand cache leak

  * CVE-2017-16643
    - Input: gtco - fix potential out-of-bound access

  * CVE-2017-16531
    - USB: fix out-of-bounds in usb_set_configuration

  * CVE-2018-10124
    - kernel/signal.c: avoid undefined behaviour in kill_something_info

  * CVE-2017-6348
    - irda: Fix lockdep annotations in hashbin_delete().

  * CVE-2017-17558
    - USB: core: prevent malicious bNumInterfaces overflow

  * CVE-2017-5897
    - ip6_gre: fix ip6gre_err() invalid reads

  * CVE-2017-6345
    - SAUCE: import sock_efree()
    - net/llc: avoid BUG_ON() in skb_orphan()

  * CVE-2017-7645
    - nfsd: check for oversized NFSv2/v3 arguments

  * CVE-2017-9984
    - ALSA: msnd: Optimize / harden DSP and MIDI loops

  * CVE-2018-1000204
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()

  * CVE-2018-10021
    - scsi: libsas: defer ata device eh commands to libata

  * CVE-2017-16914
    - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer

  * CVE-2017-16913
    - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input

  * CVE-2017-16535
    - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()

  * CVE-2017-16536
    - cx231xx-cards: fix NULL-deref on missing association descriptor

  * CVE-2017-16650
    - net: qmi_wwan: fix divide by 0 on bad descriptors

  * CVE-2017-18255
    - perf/core: Fix the perf_cpu_time_max_percent check

  * CVE-2018-10940
    - cdrom: information leak in cdrom_ioctl_media_changed()

  * CVE-2018-13094
    - xfs: don't call xfs_da_shrink_inode with NULL bp

  * other users' coredumps can be read via setgid directory and killpriv bypass
    (LP: #1779923) // CVE-2018-13405
    - Fix up non-directory creation in SGID directories

  * CVE-2017-16529
    - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor

  * CVE-2017-2671
    - ping: implement proper locking

  * CVE-2017-15649
    - packet: hold bind lock when rebinding to fanout hook
    - packet: in packet_do_bind, test fanout with bind_lock held

  * CVE-2017-16527
    - ALSA: usb-audio: Kill stray URB at exiting

  * CVE-2017-16526
    - uwb: properly check kthread_run return value

  * CVE-2017-11473
    - x86/acpi: Prevent out of bound access caused by broken ACPI tables

  * CVE-2017-14991
    - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE

  * CVE-2017-2584
    - KVM: x86: Introduce segmented_write_std

  * CVE-2018-10087
    - kernel/exit.c: avoid undefined behaviour when calling wait4()

  * fscache: Fix hanging wait on page discarded by writeback (LP: #1777029)
    - fscache: Fix hanging wait on page discarded by writeback

 -- Khalid Elmously <khalid.elmously@xxxxxxxxxxxxx>  Mon, 20 Aug 2018 12:07:46 -0400

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10208

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11472

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11473

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14991

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15649

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16526

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16527

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16529

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16531

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16532

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16533

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16535

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16536

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16537

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16538

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16643

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16644

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16645

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16650

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16911

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16912

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16913

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16914

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17558

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18255

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18270

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-2583

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-2584

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-2671

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5549

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5897

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6345

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6348

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7518

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7645

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8831

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9984

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1000204

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10021

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10087

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10124

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10323

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10675

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10877

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10881

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1092

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1093

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10940

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12233

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-13094

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-13405

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-13406


-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1774181

Title:
  Update to upstream's implementation of Spectre v1 mitigation

Status in linux package in Ubuntu:
  Incomplete
Status in linux source package in Precise:
  New
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Xenial:
  Fix Released

Bug description:
  Xenial/Trusty/Precise are currently lacking full support of upstream's
  Spectre v1 mitigation. Add the missing patches and merge them with
  Ubuntu's current implementation.

  == SRU Justification ==
  Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, all those patches were skipped. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable.

  == Fix ==
  Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Where appropriate, replace Ubuntu's additional barriers with the masking macro.

  == Regression Potential ==
  Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream.

  == Test Case ==
  TBD.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1774181/+subscriptions
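
The SRU justification above contrasts a speculation barrier with a masking solution for user-controlled array indices. The following is an added userspace illustration of the masking idea, not code from the Ubuntu or upstream patches: it is modelled on the portable C form of upstream's index mask, and the names index_mask_nospec, index_nospec, table and lookup are chosen for this example.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/*
 * Branch-free mask: ~0UL when index < size, 0 otherwise.
 * If index >= size, either index or (size - 1 - index) has its top bit
 * set, so the OR is "negative"; inverting it and shifting the sign bit
 * across the word yields 0. Relies on arithmetic right shift of signed
 * values (true for gcc/clang) and on size <= LONG_MAX.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* Clamp: index is unchanged when in bounds, forced to 0 when not. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

#define TABLE_LEN 8UL
static const int table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Constructed example of a lookup driven by an untrusted index. */
static int lookup(unsigned long idx)
{
    if (idx >= TABLE_LEN)          /* architectural bounds check */
        return -1;
    /*
     * The check above can be mispredicted. The mask is a data dependency,
     * not a branch, so even a speculated load uses an index in [0, size).
     */
    idx = index_nospec(idx, TABLE_LEN);
    return table[idx];
}

int main(void)
{
    printf("%d %d %d\n", lookup(0), lookup(7), lookup(8));
    return 0;
}
```

A plain C model like this gives no guarantee about the instructions the compiler emits; the patch list above includes an x86-specific "Implement array_index_mask_nospec" for that reason.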