This bug was fixed in the package linux - 3.13.0-160.210

---------------
linux (3.13.0-160.210) trusty; urgency=medium

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation

  * CVE-2018-14634
    - exec: Limit arg stack to at most 75% of _STK_LIM

linux (3.13.0-159.209) trusty; urgency=medium

  * linux: 3.13.0-159.209 -proposed tracker (LP: #1791754)

  * L1TF mitigation not effective in some CPU and RAM combinations (LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
    - x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
    - x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM
    - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+

  * CVE-2018-15594
    - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

  * i40e NIC not recognized (LP: #1789215)
    - SAUCE: i40e_bpo: Import the i40e driver from Xenial 4.4
    - SAUCE: i40e_bpo: Add a compatibility layer
    - SAUCE: i40e_bpo: Don't probe for NICs supported by the in-tree driver
    - SAUCE: i40e_bpo: Rename the driver to i40e_bpo
    - SAUCE: i40e_bpo: Hook the driver into the kernel tree
    - [Config] Add CONFIG_I40E_BPO=m

  * Probable regression with EXT3 file systems and CVE-2018-1093 patches (LP: #1789131)
    - ext4: fix bitmap position validation

  * CVE-2018-3620 // CVE-2018-3646
    - mm: x86 pgtable: drop unneeded preprocessor ifdef
    - x86/asm: Move PUD_PAGE macros to page_types.h
    - x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
    - x86/asm: Fix pud/pmd interfaces to handle large PAT bit
    - x86/mm: Fix regression with huge pages on PAE
    - SAUCE: x86/speculation/l1tf: Protect NUMA hinting PTEs against speculation
    - Revert "UBUNTU: [Config] disable NUMA_BALANCING"

  * CVE-2018-15572
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - x86/speculation: Protect against userspace-userspace spectreRSB

  * CVE-2018-6555
    - SAUCE: irda: Only insert new objects into the global database via setsockopt

  * CVE-2018-6554
    - SAUCE: irda: Fix memory leak caused by repeated binds of irda socket

  * BUG: soft lockup - CPU#0 stuck for 23s!
    [kworker/0:1:1119] (LP: #1788817)
    - drm/ast: Fixed system hanged if disable P2A

  * errors when scanning partition table of corrupted AIX disk (LP: #1787281)
    - partitions/aix: fix usage of uninitialized lv_info and lvname structures
    - partitions/aix: append null character to print data from disk

 -- Stefan Bader <stefan.ba...@canonical.com>  Mon, 24 Sep 2018 19:38:31 +0200

https://bugs.launchpad.net/bugs/1788563

Title:
  L1TF mitigation not effective in some CPU and RAM combinations

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  == SRU Justification ==
  This bug has been reported in multiple bugs and affects Trusty, Xenial and Bionic. All releases need different backports, so T and X will be sent in separate SRU requests.

  Due to this bug in the original L1TF patch set, L1TF mitigation is not effective in certain CPU and installed RAM configurations.

  == Fixes ==
  9df9516940a6 ("x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit")
  b0a182f87568 ("x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM")
  cc51e5428ea5 ("x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+")

  == Regression Potential ==
  Low. These are security fixes and have all been cc'd to upstream stable, so they have had additional upstream review.

  == Test Case ==
  A test kernel was built with these patches and tested by the original bug reporter. The bug reporter states the test kernel resolved the bug.

  Lenovo Thinkpad W530 system with 32 GB RAM

  dmesg | grep -i l1tf
  [ 0.038386] L1TF: System has more than MAX_PA/2 memory. L1TF mitigation not effective.
  [ 2652.469669] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.

  Related: https://bugzilla.opensuse.org/show_bug.cgi?id=1105536

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-32-generic 4.15.0-32.35
  ProcVersionSignature: Ubuntu 4.15.0-32.35-generic 4.15.18
  Uname: Linux 4.15.0-32-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.2
  Architecture: amd64
  AudioDevicesInUse:
   USER PID ACCESS COMMAND
   /dev/snd/controlC0: pgera 2809 F.... pulseaudio
  CurrentDesktop: Unity:Unity7:ubuntu
  Date: Thu Aug 23 03:38:40 2018
  InstallationDate: Installed on 2018-08-11 (12 days ago)
  InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
  MachineType: LENOVO 24382LU
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-32-generic root=UUID=e2607c8a-4bd1-49fe-ad07-83046492fac5 ro quiet splash vt.handoff=1
  RelatedPackageVersions:
   linux-restricted-modules-4.15.0-32-generic N/A
   linux-backports-modules-4.15.0-32-generic N/A
   linux-firmware 1.173.1
  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 06/11/2018
  dmi.bios.vendor: LENOVO
  dmi.bios.version: G5ETB2WW (2.72 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 24382LU
  dmi.board.vendor: LENOVO
  dmi.board.version: NO DPK
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.modalias: dmi:bvnLENOVO:bvrG5ETB2WW(2.72):bd06/11/2018:svnLENOVO:pn24382LU:pvrThinkPadW530:rvnLENOVO:rn24382LU:rvrNODPK:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.family: ThinkPad W530
  dmi.product.name: 24382LU
  dmi.product.version: ThinkPad W530
  dmi.sys.vendor: LENOVO
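
The test case in the bug description greps the kernel log for L1TF messages. The script below is an added example, not part of the original notification or of any Ubuntu tooling: it turns that check into a function that classifies the two messages quoted in the report and returns a non-zero status when either is present. The function name, the finding labels and the sample variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify L1TF-related kernel log lines read from stdin.
# Prints one finding per matching line.
# Exit status: 0 = no L1TF warning seen, 1 = at least one warning seen.
l1tf_triage() {
    awk '
        # Drop the "[ 0.038386] " timestamp prefix that dmesg prints.
        { sub(/^\[ *[0-9]+\.[0-9]+\] */, "") }

        # Installed RAM reaches above half the physical address space,
        # so the kernel reports the mitigation as not effective.
        /^L1TF: System has more than MAX_PA\/2 memory/ {
            print "mitigation-ineffective: RAM extends above MAX_PA/2"
            bad = 1
        }

        # Hyper-threading is enabled on an affected CPU.
        /^L1TF CPU bug present and SMT on/ {
            print "smt-exposed: see CVE-2018-3646"
            bad = 1
        }

        END { exit bad + 0 }
    '
}

# Constructed sample: the two messages quoted in the bug report.
SAMPLE_AFFECTED='[    0.038386] L1TF: System has more than MAX_PA/2 memory. L1TF mitigation not effective.
[ 2652.469669] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.'

# Constructed sample: a log with no L1TF warnings (assumed shape).
SAMPLE_CLEAN='[    0.000000] Linux version 3.13.0-160-generic'

# Live use, commented out so the example runs offline:
#   dmesg | l1tf_triage || echo "L1TF warnings present in kernel log"
```

On a host running the fixed kernel, the first finding should no longer appear for the RAM configuration described in the report; the SMT finding is independent of this fix.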