diff options
author | Ben Hutchings <ben@decadent.org.uk> | 2019-11-11 02:43:56 +0000 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2019-11-11 02:43:56 +0000 |
commit | 8e3d8fcf5a464ae9dd213fae24987936e93bb95a (patch) | |
tree | 3ecced9d561a30102922fb3104af3892bb5195d2 | |
parent | a9969082a49cd73945961ebf7a429e07584caae2 (diff) |
Add DSA text for pending fixes
-rw-r--r-- | dsa-texts/4.19.67-2+deb10u2 | 88 | ||||
l--------- | dsa-texts/4.9.189-3+deb9u2 | 1 |
2 files changed, 89 insertions, 0 deletions
diff --git a/dsa-texts/4.19.67-2+deb10u2 b/dsa-texts/4.19.67-2+deb10u2 new file mode 100644 index 00000000..3dcb3c5c --- /dev/null +++ b/dsa-texts/4.19.67-2+deb10u2 @@ -0,0 +1,88 @@ +Package : linux +CVE ID : CVE-2018-12207 CVE-2019-0154 CVE-2019-0155 CVE-2019-11135 + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a privilege escalation, denial of service, or information +leak. + +CVE-2018-12207 + + It was discovered that on Intel CPUs supporting hardware + virtualisation with Extended Page Tables (EPT), a guest VM may + manipulate the memory management hardware to cause a Machine Check + Error (MCE) and denial of service (hang or crash). + + The guest triggers this error by changing page tables without a + TLB flush, so that both 4 KB and 2 MB entries for the same virtual + address are loaded into the instruction TLB (iTLB). This update + implements a mitigation in KVM that prevents guest VMs from + loading 2 MB entries into the iTLB. This will reduce performance + of guest VMs. + + Further information on the mitigation can be found at + <https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/multihit.html> + or in the linux-doc-4.9 or linux-doc-4.19 package. + + Intel's explanation of the issue can be found at + <https://software.intel.com/security-software-guidance/insights/deep-dive-machine-check-error-avoidance-page-size-change>. + +CVE-2019-0154 + + Intel discovered that on their 8th and 9th generation GPUs, + reading certain registers while the GPU is in a low-power state + can cause a system hang. A local user permitted to use the GPU + can use this for denial of service. + + This update mitigates the issue through changes to the i915 + driver. + + The affected chips (gen8 and gen9) are listed at + <https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen8>. + +CVE-2019-0155 + + Intel discovered that their 9th generation and newer GPUs are + missing a security check in the Blitter Command Streamer (BCS). A + local user permitted to use the GPU could use this to access any + memory that the GPU has access to, which could result in a denial + of service (memory corruption or crash), a leak of sensitive + information, or privilege escalation. + + This update mitigates the issue by adding the security check to + the i915 driver. + + The affected chips (gen9 onward) are listed at + <https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen9>. + +CVE-2019-11135 + + It was discovered that on Intel CPUs supporting transactional + memory (TSX), a transaction that is going to be aborted may + continue to execute speculatively, reading sensitive data from + internal buffers and leaking it through dependent operations. + Intel calls this "TSX Asynchronous Abort" (TAA). + + For CPUs affected by the previously published Microarchitectural + Data Sampling (MDS) issues (CVE-2018-12126, CVE-2018-12127, + CVE-2018-12130, CVE-2019-11091). the existing mitigation also + mitigates this issue. + + For processors that are vulnerable to TAA but not MDS, this update + disables TSX by default. This mitigation requires updated CPU + microcode. An updated intel-microcode package (only available in + Debian non-free) will be provided via DSA-XXXX-1. The updated CPU + microcode may also be available as part of a system firmware + ("BIOS") update. + + Further information on the mitigation can be found at + <https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html> + or in the linux-doc-4.9 or linux-doc-4.19 package. + + Intel's explanation of the issue can be found at + <https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort>. + +For the oldstable distribution (stretch), these problems have been fixed +in version 4.9.189-3+deb9u2. + +For the stable distribution (buster), these problems have been fixed in +version 4.19.67-2+deb10u2. diff --git a/dsa-texts/4.9.189-3+deb9u2 b/dsa-texts/4.9.189-3+deb9u2 new file mode 120000 index 00000000..f2d7122a --- /dev/null +++ b/dsa-texts/4.9.189-3+deb9u2 @@ -0,0 +1 @@ +4.19.67-2+deb10u2
\ No newline at end of file |