ACK Re: CVE-2020-2732

benjamin.romer at canonical.com benjamin.romer at canonical.com
Thu Feb 27 19:05:30 UTC 2020


These patches look correct to me. We will likely need to drop the
prereq patch in livepatches, but I do not believe that will adversely
affect fixing the CVE.

Signed-off-by: Benjamin M Romer <benjamin.romer at canonical.com>

On Thu, 2020-02-27 at 15:51 -0300, Thadeu Lima de Souza Cascardo wrote:
> These are backports of the fixes to CVE-2020-2732. They affect X86 hosts. A
> nested guest (L2) may execute disallowed code, leading to access to L1
> resources.
> 
> I used the backport from 4.4.y, which includes "emulate RDPID" as a pre-req, so
> we divert as little as possible from stable upstream.
> 
> I did the same for Bionic 4.15, using the backports from 4.14.y.
> 
> D/E/F have been build-tested, Ben Romer did some nested guest smoke testing
> with the Bionic patches, although with a version without the pre-req.
> 
> Xenial is build testing right now. More tests are in development.