Bug 56430 - linux: Multiple issues (5.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.0
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 5.0-4-errata
Assigned To: Quality Assurance
Philipp Hahn
Duplicates: 56433
Depends on:
Blocks: 56818
Reported: 2023-08-15 09:18 CEST by Quality Assurance
Modified: 2023-11-13 09:02 CET
What kind of report is it?: Security Issue
Max CVSS v3 score: 6.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)


Description Quality Assurance univentionstaff 2023-08-15 09:18:27 CEST
New Debian linux 4.19.289-2 fixes:
This update addresses the following issue:
4.19.289-2 (Tue, 08 Aug 2023 04:35:25 +0200)
* [x86] Add mitigations for Gather Data Sampling (GDS) (CVE-2022-40982)
  - init: Provide arch_cpu_finalize_init()
  - x86/cpu: Switch to arch_cpu_finalize_init()
  - ARM: cpu: Switch to arch_cpu_finalize_init()
  - init: Remove check_bugs() leftovers
  - init: Invoke arch_cpu_finalize_init() earlier
  - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
  - x86/fpu: Remove cpuinfo argument from init functions
  - x86/fpu: Mark init functions __init
  - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
  - x86/speculation: Add Gather Data Sampling mitigation
  - x86/speculation: Add force option to GDS mitigation
  - x86/speculation: Add Kconfig option for GDS
  - KVM: Add GDS_NO support to KVM
  - x86/xen: Fix secondary processors' FPU initialization
  - Documentation/x86: Fix backwards on/off logic about YMM support
* [x86] cpu: Avoid ABI change for GDS mitigations
Comment 1 Philipp Hahn univentionstaff 2023-08-15 09:24:36 CEST
*** Bug 56433 has been marked as a duplicate of this bug. ***
Comment 2 Quality Assurance univentionstaff 2023-08-15 10:00:39 CEST
--- mirror/ftp/pool/main/l/linux/linux_4.19.289-1.dsc
+++ apt/ucs_5.0-0-errata5.0-4/source/linux_4.19.289-2.dsc
@@ -1,3 +1,23 @@
+4.19.289-2 [Tue, 08 Aug 2023 04:35:25 +0200] Ben Hutchings <benh@debian.org>:
+
+  * [x86] Add mitigations for Gather Data Sampling (GDS) (CVE-2022-40982)
+    - init: Provide arch_cpu_finalize_init()
+    - x86/cpu: Switch to arch_cpu_finalize_init()
+    - ARM: cpu: Switch to arch_cpu_finalize_init()
+    - init: Remove check_bugs() leftovers
+    - init: Invoke arch_cpu_finalize_init() earlier
+    - init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
+    - x86/fpu: Remove cpuinfo argument from init functions
+    - x86/fpu: Mark init functions __init
+    - x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
+    - x86/speculation: Add Gather Data Sampling mitigation
+    - x86/speculation: Add force option to GDS mitigation
+    - x86/speculation: Add Kconfig option for GDS
+    - KVM: Add GDS_NO support to KVM
+    - x86/xen: Fix secondary processors' FPU initialization
+    - Documentation/x86: Fix backwards on/off logic about YMM support
+  * [x86] cpu: Avoid ABI change for GDS mitigations
+
 4.19.289-1 [Tue, 25 Jul 2023 01:50:13 +0200] Ben Hutchings <benh@debian.org>:
 
   * New upstream stable update:
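Review bot: the new 4.19.289-2 entry lists "x86/speculation: Add force option to GDS mitigation" and "x86/speculation: Add Kconfig option for GDS" without saying which setting this build ships with, so a reader of the changelog cannot tell whether the CVE-2022-40982 mitigation is active by default after the upgrade or has to be forced. Suggest that the errata text state the default and how to confirm it on a running system. The last item, "[x86] cpu: Avoid ABI change for GDS mitigations", would also benefit from a short note on whether the kernel ABI name stays the same as in 4.19.289-1, since that decides whether out-of-tree modules need a rebuild.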

<http://piuparts.knut.univention.de/5.0-4/#8478701157158219187>
Comment 4 Philipp Hahn univentionstaff 2023-08-15 18:39:30 CEST
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
OK: apt-get install -t apt
OK: amd64 @ kvm + SeaBIOS
OK: amd64 @ kvm + OVMF + SB
IGN: mokutil --sb-state
OK: dmesg -H | grep -i secure
OK: uname -a
OK: dmesg -H
OK: ./linux-dmesg-norm -a
OK: Rebuild latest ISO with new D-I: isotests/ucs_5.0-2-latest-amd64.iso
OK: amd64 @ kvm + OVMF + SB install

[5.0-4] c912914b2a Bug #56430: linux 4.19.289-2
 doc/errata/staging/linux.yaml | 1 +
 1 file changed, 1 insertion(+)

[5.0-4] 8945db3909 Bug #56430: linux 4.19.289-2
 doc/errata/staging/linux.yaml | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

[5.0-4] e00e55554e Bug #56430: linux 4.19.289-2
 doc/errata/staging/linux.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)