Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0ebe3536 by Salvatore Bonaccorso at 2022-06-28T20:24:30+02:00
Track Processor MMIO Stale Data vulnerabilities as well for src:linux
After short discussion with kernel maintainers add tracking as well for
src:linux for the three CVEs CVE-2022-21123, CVE-2022-21125,
CVE-2022-21166 on kernel side as well and not only for intel-microcode.
5.18.5, 5.15.48, 5.10.123, 5.4.199, 4.19.248, 4.14.284, and 4.9.319 all
got the fixes backported implementing the mitigations on kernel side
along with the needed intel-microcode update.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46353,6 +46353,7 @@ CVE-2022-21180 (Improper input validation for some
Intel(R) Processors may allow
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html
CVE-2022-21166 (Incomplete cleanup in specific special register write
operations for s ...)
- intel-microcode 3.20220510.1
+ - linux 5.18.5-1
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
NOTE:
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#DRPW
NOTE: Linux kernel documentation patch:
https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
@@ -46364,12 +46365,14 @@ CVE-2022-21127 (Incomplete cleanup in specific
special register read operations
NOTE: https://xenbits.xen.org/xsa/advisory-404.html
CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some
Intel(R) ...)
- intel-microcode 3.20220510.1
+ - linux 5.18.5-1
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
NOTE:
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDS
NOTE: Linux kernel documentation patch:
https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-404.html
CVE-2022-21123 (Incomplete cleanup of multi-core shared buffers for some
Intel(R) Proc ...)
- intel-microcode 3.20220510.1
+ - linux 5.18.5-1
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
NOTE:
https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDR
NOTE: Linux kernel documentation patch:
https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ebe353669d60829d592679bfc192866cf691ec7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ebe353669d60829d592679bfc192866cf691ec7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
