[ubuntu/impish-security] linux-raspi 5.13.0-1020.22 (Accepted)
Andy Whitcroft
apw at canonical.com
Tue Mar 8 21:32:31 UTC 2022
linux-raspi (5.13.0-1020.22) impish; urgency=medium
[ Ubuntu: 5.13.0-35.40 ]
* CVE-2022-0847
- lib/iov_iter: initialize "flags" in new pipe_buffer
linux-raspi (5.13.0-1019.21) impish; urgency=medium
* CVE-2022-23960
- [Config] raspi: set CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y
[ Ubuntu: 5.13.0-33.37 ]
* CVE-2022-23960
- arm64: assembler: add set_this_cpu_offset
- arm64: insn: Add barrier encodings
- arm64: add ID_AA64ISAR2_EL1 sys register
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
- arm64: Add Cortex-X2 CPU part definition
- arm64: Add Cortex-A510 CPU part definition
- SAUCE: arm64: entry.S: Add ventry overflow sanity checks
- SAUCE: arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit
- SAUCE: KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A
- SAUCE: arm64: entry: Make the trampoline cleanup optional
- SAUCE: arm64: entry: Free up another register on kpti's tramp_exit path
- SAUCE: arm64: entry: Move the trampoline data page before the text page
- SAUCE: arm64: entry: Allow tramp_alias to access symbols after the 4K
boundary
- SAUCE: arm64: entry: Don't assume tramp_vectors is the start of the vectors
- SAUCE: arm64: entry: Move trampoline macros out of ifdef'd section
- SAUCE: arm64: entry: Make the kpti trampoline's kpti sequence optional
- SAUCE: arm64: entry: Allow the trampoline text to occupy multiple pages
- SAUCE: arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
- SAUCE: arm64: entry: Add vectors that have the bhb mitigation sequences
- SAUCE: arm64: entry: Add macro for reading symbol addresses from the
trampoline
- SAUCE: arm64: Add percpu vectors for EL1
- SAUCE: arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of
Spectre-v2
- SAUCE: arm64: Mitigate spectre style branch history side channels
- SAUCE: KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and
migrated
- SAUCE: arm64: Use the clearbhb instruction in mitigations
- [Config]: set CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y
* CVE-2022-25636
- netfilter: nf_tables_offload: incorrect flow offload action array size
* CVE-2022-0001
- x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
- SAUCE: x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
- SAUCE: x86/speculation: Add eIBRS + Retpoline options
- SAUCE: Documentation/hw-vuln: Update spectre doc
Date: 2022-03-07 13:04:10.936293+00:00
Changed-By: Juerg Haefliger <juergh at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-raspi/5.13.0-1020.22
-------------- next part --------------
Sorry, changesfile not available.
More information about the impish-changes
mailing list