This bug was fixed in the package linux - 3.13.0-160.210
---------------
linux (3.13.0-160.210) trusty; urgency=medium
* CVE-2018-14633
- iscsi target: Use hex2bin instead of a re-implementation
* CVE-2018-14634
- exec: Limit arg stack to at most 75% of _STK_LIM
linux (3.13.0-159.209) trusty; urgency=medium
* linux: 3.13.0-159.209 -proposed tracker (LP: #1791754)
* L1TF mitigation not effective in some CPU and RAM combinations
(LP: #1788563) // CVE-2018-3620 // CVE-2018-3646
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- x86/speculation/l1tf: Fix off-by-one error when warning that system has
too
much RAM
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
* CVE-2018-15594
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests
* i40e NIC not recognized (LP: #1789215)
- SAUCE: i40e_bpo: Import the i40e driver from Xenial 4.4
- SAUCE: i40e_bpo: Add a compatibility layer
- SAUCE: i40e_bpo: Don't probe for NICs supported by the in-tree driver
- SAUCE: i40e_bpo: Rename the driver to i40e_bpo
- SAUCE: i40e_bpo: Hook the driver into the kernel tree
- [Config] Add CONFIG_I40E_BPO=m
* Probable regression with EXT3 file systems and CVE-2018-1093 patches
(LP: #1789131)
- ext4: fix bitmap position validation
* CVE-2018-3620 // CVE-2018-3646
- mm: x86 pgtable: drop unneeded preprocessor ifdef
- x86/asm: Move PUD_PAGE macros to page_types.h
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit
- x86/mm: Fix regression with huge pages on PAE
- SAUCE: x86/speculation/l1tf: Protect NUMA hinting PTEs against speculation
- Revert "UBUNTU: [Config] disable NUMA_BALANCING"
* CVE-2018-15572
- x86/retpoline: Fill RSB on context switch for affected CPUs
- x86/speculation: Protect against userspace-userspace spectreRSB
* CVE-2018-6555
- SAUCE: irda: Only insert new objects into the global database via
setsockopt
* CVE-2018-6554
- SAUCE: irda: Fix memory leak caused by repeated binds of irda socket
* BUG: soft lockup - CPU#0 stuck for 23s! [kworker/0:1:1119] (LP: #1788817)
- drm/ast: Fixed system hanged if disable P2A
* errors when scanning partition table of corrupted AIX disk (LP: #1787281)
- partitions/aix: fix usage of uninitialized lv_info and lvname structures
- partitions/aix: append null character to print data from disk
-- Stefan Bader <stefan.ba...@canonical.com> Mon, 24 Sep 2018 19:38:31
+0200
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1788563
Title:
L1TF mitigation not effective in some CPU and RAM combinations
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Released
Bug description:
== SRU Justification ==
This bug has been reported in multiple bugs and affects Trusty,
Xenial and Bionic. All releases need different backports, so T and X
will be sent in separate SRU requests.
Due to this bug in the original L1TF patch set, L1TF mitigation not
effective in certain CPU and installed RAM configurations.
== Fixes ==
9df9516940a6 ("x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on
32bit")
b0a182f87568 ("x86/speculation/l1tf: Fix off-by-one error when warning that
system has too much RAM")
cc51e5428ea5 ("x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+")
== Regression Potential ==
Low. These are security fixes and have all been cc'd to upstream
stable, so they have had additional upstream review.
== Test Case ==
A test kernel was built with these patches and tested by the original bug
reporter.
The bug reporter states the test kernel resolved the bug.
Lenovo Thinkpad W530 system with 32 GB RAM
dmesg | grep -i l1tf
[ 0.038386] L1TF: System has more than MAX_PA/2 memory. L1TF mitigation
not effective.
[ 2652.469669] L1TF CPU bug present and SMT on, data leak possible. See
CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html
for details.
Related:
https://bugzilla.opensuse.org/show_bug.cgi?id=1105536
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-32-generic 4.15.0-32.35
ProcVersionSignature: Ubuntu 4.15.0-32.35-generic 4.15.18
Uname: Linux 4.15.0-32-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC0: pgera 2809 F.... pulseaudio
CurrentDesktop: Unity:Unity7:ubuntu
Date: Thu Aug 23 03:38:40 2018
InstallationDate: Installed on 2018-08-11 (12 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64
(20180725)
MachineType: LENOVO 24382LU
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-32-generic
root=UUID=e2607c8a-4bd1-49fe-ad07-83046492fac5 ro quiet splash vt.handoff=1
RelatedPackageVersions:
linux-restricted-modules-4.15.0-32-generic N/A
linux-backports-modules-4.15.0-32-generic N/A
linux-firmware 1.173.1
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 06/11/2018
dmi.bios.vendor: LENOVO
dmi.bios.version: G5ETB2WW (2.72 )
dmi.board.asset.tag: Not Available
dmi.board.name: 24382LU
dmi.board.vendor: LENOVO
dmi.board.version: NO DPK
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias:
dmi:bvnLENOVO:bvrG5ETB2WW(2.72):bd06/11/2018:svnLENOVO:pn24382LU:pvrThinkPadW530:rvnLENOVO:rn24382LU:rvrNODPK:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.family: ThinkPad W530
dmi.product.name: 24382LU
dmi.product.version: ThinkPad W530
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1788563/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
