APPLIED[B/K]: [SRU][B/J/K/OEM-5.14/OEM-5.17/OEM-6.0][PATCH v2 0/1] CVE-2023-0045
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Fri Feb 10 21:38:44 UTC 2023
Applied to bionic and kinetic linux master-next
Thanks!
- Luke
On Thu, Feb 9, 2023 at 12:11 PM Yuxuan Luo <yuxuan.luo at canonical.com> wrote:
> [Impact]
> It is discovered that the Linux kernel fails to correctly mitigate the
> Spectre-BTI attacks, leaving the process exposed for a short period of time
> after the syscall, which renders the victim vulnerable to values already
> injected on the BTB, prior to the prctl syscall.
>
> [Backport]
> It is a clean cherry-pick for all three affected kernels.
>
> [Test]
> Compile, boot, and run the PoC given by the discoverer:
> https://github.com/es0j/CVE-2023-0045
>
> [Potential Regression]
> The risk of the potential regression should be fairly low and limited to
> the
> specific file.
>
> Rodrigo Branco (1):
> x86/bugs: Flush IBP in ib_prctl_set()
>
> arch/x86/kernel/cpu/bugs.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230210/c5580e13/attachment-0001.html>
More information about the kernel-team
mailing list