Retire everywhere released CVEs

4 files changed, 66 insertions, 0 deletions

diff --git a/retired/CVE-2018-12207 b/retired/CVE-2018-12207
new file mode 100644
index 000000000..f427e06ab
--- /dev/null
+++ b/retired/CVE-2018-12207
@@ -0,0 +1,16 @@
+Description: Machine Check Error on Page Size Change
+References:
+ https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
+ https://software.intel.com/security-software-guidance/insights/deep-dive-machine-check-error-avoidance-page-size-change-0
+Notes:
+ bwh> Exploitable only by VM guests on Intel
+ bwh> CPUs.  Will be fixed by "NX" patch series.
+Bugs:
+upstream: released (5.4-rc8) [833b45de69a6016c4b0cebe6765d526a31a81580, db4d30fbb71b47e4ecb11c4efa5d8aad4b03dfae, cad14885a8d32c1c0d8eaa7bf5c0152a22b6080e, 731dc9df975a5da21237a18c3384f811a7a41cc6, b8e8c8303ff28c61046a4d0f6ea99aea609a7dc0, c57c80467f90e5504c8df9ad3555d2c78800bf94, 1aa9b9572b10529c2e64e2b8f44025d86e124308, 7f00cc8d4a51074eb0ad4c3f16c15757b1ddfb7d]
+4.19-upstream-stable: released (4.19.84) [a991063ce57684a2259688886643cf1c430f8188, f9aa6b73a407b714c9aac44734eb4045c893c6f7, 955607466ace0455164cf391a93c23918022e8e8, db5ae6596ae2ba03f66cfeceea4b65e35785600a, 5219505fcbb640e273a0d51c19c38de0100ec5a9, 6082f2e28887bcef66d9b3b5710fd3491a722f0b, 46a4a014c48e64e28970ca775bb7adf4778821af, 580c79e7e3e50afbd5a69b2b6ab2c61c5225f48e]
+4.9-upstream-stable: released (4.9.202) [43a39a3e9b0573cd4383e52d8ded9965ae8994c5, 61524f1bccc041b7871a21984b69b8e538f446c0, c6170b81e7b78942cb4b36fc72cbd75145fd08d5, 2f57300f68fb40acff2e350686ec5e41463526c1, 2e013f0fa714399d91c0fc9e3e4d64a9b517db6c, 1d48204bd77090c950b13106ab51821729ae0d72, 515fa37a3e550ac7f291fb295b4e6174b6bbbd85, 9dc6bc3f22f08099a27c38c68983fbc419e879f3, 52644d80850a3fe965ee964e903acef7be61a62c, 1b08d2ab698ddf78833717908e2a41336ab9c6ef, 12ceedb7604dfbe370a21df444819ece665c91db, e2bd0778adc4b13e3874b48eaad689e4a3a35833, a7ad7943b84fae87f5be18f05025c51ae103f732, 61e191b467f1edea6fae9123c37355133273a31a, c6e94acbf6abab3e3c25fcdd3343d0c2a3f160ca, ca60c77067d4cde390e1f58a6f947c7c7fb75f97]
+3.16-upstream-stable: ignored "Untrusted guests are no longer supportable"
+sid: released (5.3.9-2) [bugfix/x86/itlb_multihit/0001-kvm-x86-powerpc-do-not-allow-clearing-largepages-deb.patch, bugfix/x86/itlb_multihit/0001-x86-bugs-Add-ITLB_MULTIHIT-bug-infrastructure.patch, bugfix/x86/itlb_multihit/0002-x86-cpu-Add-Tremont-to-the-cpu-vulnerability-whiteli.patch, bugfix/x86/itlb_multihit/0003-cpu-speculation-Uninline-and-export-CPU-mitigations-.patch, bugfix/x86/itlb_multihit/0004-kvm-mmu-ITLB_MULTIHIT-mitigation.patch, bugfix/x86/itlb_multihit/0005-kvm-Add-helper-function-for-creating-VM-worker-threa.patch, bugfix/x86/itlb_multihit/0006-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch, bugfix/x86/itlb_multihit/0007-Documentation-Add-ITLB_MULTIHIT-documentation.patch]
+4.19-buster-security: released (4.19.67-2+deb10u2) [bugfix/x86/itlb_multihit/0011-x86-bugs-Add-ITLB_MULTIHIT-bug-infrastructure.patch, bugfix/x86/itlb_multihit/0013-cpu-speculation-Uninline-and-export-CPU-mitigations-.patch, bugfix/x86/itlb_multihit/0014-Documentation-Add-ITLB_MULTIHIT-documentation.patch, bugfix/x86/itlb_multihit/0016-kvm-x86-powerpc-do-not-allow-clearing-largepages-deb.patch, bugfix/x86/itlb_multihit/0017-kvm-Convert-kvm_lock-to-a-mutex.patch, bugfix/x86/itlb_multihit/0018-kvm-mmu-Do-not-release-the-page-inside-mmu_set_spte.patch, bugfix/x86/itlb_multihit/0019-KVM-x86-make-FNAME-fetch-and-__direct_map-more-simil.patch, bugfix/x86/itlb_multihit/0020-KVM-x86-remove-now-unneeded-hugepage-gfn-adjustment.patch, bugfix/x86/itlb_multihit/0021-KVM-x86-change-kvm_mmu_page_get_gfn-BUG_ON-to-WARN_O.patch, bugfix/x86/itlb_multihit/0022-KVM-x86-add-tracepoints-around-__direct_map-and-FNAM.patch, bugfix/x86/itlb_multihit/0023-KVM-vmx-svm-always-run-with-EFER.NXE-1-when-shadow-p.patch, bugfix/x86/itlb_multihit/0024-kvm-mmu-ITLB_MULTIHIT-mitigation.patch, bugfix/x86/itlb_multihit/0025-kvm-Add-helper-function-for-creating-VM-worker-threa.patch, bugfix/x86/itlb_multihit/0026-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch]
+4.9-stretch-security: released (4.9.189-3+deb9u2) [bugfix/x86/itlb_multihit/0012-KVM-x86-simplify-ept_misconfig.patch, bugfix/x86/itlb_multihit/0013-KVM-x86-extend-usage-of-RET_MMIO_PF_-constants.patch, bugfix/x86/itlb_multihit/0014-KVM-MMU-drop-vcpu-param-in-gpte_access.patch, bugfix/x86/itlb_multihit/0015-kvm-Convert-kvm_lock-to-a-mutex.patch, bugfix/x86/itlb_multihit/0016-kvm-x86-Do-not-release-the-page-inside-mmu_set_spte.patch, bugfix/x86/itlb_multihit/0017-KVM-x86-make-FNAME-fetch-and-__direct_map-more-simil.patch, bugfix/x86/itlb_multihit/0018-KVM-x86-remove-now-unneeded-hugepage-gfn-adjustment.patch, bugfix/x86/itlb_multihit/0019-KVM-x86-change-kvm_mmu_page_get_gfn-BUG_ON-to-WARN_O.patch, bugfix/x86/itlb_multihit/0020-KVM-x86-Add-is_executable_pte.patch, bugfix/x86/itlb_multihit/0021-KVM-x86-add-tracepoints-around-__direct_map-and-FNAM.patch, bugfix/x86/itlb_multihit/0022-KVM-vmx-svm-always-run-with-EFER.NXE-1-when-shadow-p.patch, bugfix/x86/itlb_multihit/0023-x86-bugs-Add-ITLB_MULTIHIT-bug-infrastructure.patch, bugfix/x86/itlb_multihit/0024-cpu-speculation-Uninline-and-export-CPU-mitigations-.patch, bugfix/x86/itlb_multihit/0025-kvm-mmu-ITLB_MULTIHIT-mitigation.patch, bugfix/x86/itlb_multihit/0026-kvm-Add-helper-function-for-creating-VM-worker-threa.patch, bugfix/x86/itlb_multihit/0027-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch, bugfix/x86/itlb_multihit/0028-Documentation-Add-ITLB_MULTIHIT-documentation.patch]
+3.16-jessie-security: ignored "Untrusted guests are no longer supportable"
diff --git a/retired/CVE-2019-0154 b/retired/CVE-2019-0154
new file mode 100644
index 000000000..475768fe8
--- /dev/null
+++ b/retired/CVE-2019-0154
@@ -0,0 +1,15 @@
+Description: Intel Gen8/Gen9 Graphics DoS
+References:
+Notes:
+ bwh> Reading some registers on gen8/gen9
+ bwh> GPUs in low power state can cause a system hang.  It's not clear
+ bwh> how an unprivileged user would trigger this, though.
+Bugs:
+upstream: released (5.4-rc8) [1d85a299c4db57c55e0229615132c964d17aa765, 7e34f4e4aad3fd34c02b294a3cf2321adf5b4438]
+4.19-upstream-stable: released (4.19.84) [011b7173cbdbd1a5f1826656693ea51516f15dc1, 255ed51599dea571ac15afc676b2705cf2f83975]
+4.9-upstream-stable: released (4.9.201) [ebd6ded190ed0920c16eb63f274b50ca050e46fb, 00194ecfb32cab5bc20ce1308c681c47094015bd]
+3.16-upstream-stable: released (3.16.77) [5013e6d917ac9f3df823d94d17e9cfe99c003517]
+sid: released (5.3.9-2) [bugfix/x86/i915/0011-drm-i915-Lower-RM-timeout-to-avoid-DSI-hard-hangs.patch, bugfix/x86/i915/0012-drm-i915-gen8-Add-RC6-CTX-corruption-WA.patch]
+4.19-buster-security: released (4.19.67-2+deb10u2) [bugfix/x86/i915/0011-drm-i915-Lower-RM-timeout-to-avoid-DSI-hard-hangs.patch, bugfix/x86/i915/0012-drm-i915-gen8-Add-RC6-CTX-corruption-WA.patch]
+4.9-stretch-security: released (4.9.189-3+deb9u2) [bugfix/x86/i915/0011-drm-i915-Lower-RM-timeout-to-avoid-DSI-hard-hangs.patch, bugfix/x86/i915/0012-drm-i915-gen8-Add-RC6-CTX-corruption-WA.patch]
+3.16-jessie-security: released (3.16.76-1) [bugfix/x86/drm-i915-gen8-add-rc6-ctx-corruption-wa.patch]
diff --git a/retired/CVE-2019-0155 b/retired/CVE-2019-0155
new file mode 100644
index 000000000..cf21b8abb
--- /dev/null
+++ b/retired/CVE-2019-0155
@@ -0,0 +1,16 @@
+Description: Intel Gen9 Graphics Privilege Escalation
+References:
+Notes:
+ bwh> The blitter on Intel gen9 GPUs is
+ bwh> missing an expected security check on commands.  This can be
+ bwh> triggered by local users that can submit commands to the GPU.
+ bwh> The i915 driver will need to check them before submitting to hw.
+Bugs:
+upstream: released (5.4-rc8) [0a2f661b6c21815a7fa60e30babe975fee8e73c6, 44157641d448cbc0c4b73c5231d2b911f0cb0427, 66d8aba1cd6db34af10de465c0d52af679288cb6, 311a50e76a33d1e029563c24b2ff6db0c02b5afe, 4f7af1948abcb18b4772fe1bcd84d7d27d96258c, 435e8fc059dbe0eec823a75c22da2972390ba9e0, 0f2f39758341df70202ae1c42d5a1e4ee392b6d3, 0546a29cd884fb8184731c79ab008927ca8859d0, f8c08d8faee5567803c8c533865296ca30286bbf, 926abff21a8f29ef159a3ac893b05c6e50e043c3, ea0b163b13ffc52818c079adb00d55e227a6da6f]
+4.19-upstream-stable: released (4.19.84) [b4b1abdc6b181cb78a072b95557ae392d423c3eb, f1ff77080fa1828dfd67b3082053da1fbb80dfff, fba4207cf15e462c8b388bde1dabb1b64eca21b0, fc3510fe6f6bcee80279238daf1c5de4d6570210, 7ce726b61c577344655436d6bf49a13e911b6f0a, fea688c5dd8197fe1ad14a5a2596fee36f993bb8, cdd77c6b4be41d35000611e2dc9a17a3db808976, f27bc2b5950dccac563706a764aa0c2d387db8e9, 6e53c71a69138059c8a4dcd1f9a2967c85fede64, a7bda639a17fe92b66b8bb28e81b558cb8678c85, fee619bb813648ea90bf024171acfaaec2f031fc]
+4.9-upstream-stable: released (4.9.201) [64003d092ec9b9ecf03984513aee106c15b411e7, 52306d4210bce70455ab80a598e1658a41ec569e, 44f0f8d44b3771270657bc7b2372d995350752d4, 943ccd0cc6c6febe23018776e65a3a56aea9968c, 9f5fb6f2e59e65d51e8b77a4f958db4c8c1a51ac, 05e5cf18ae4189c0a13dc1e704c78bed79a1b0f9, a6ba2df10d64d6d113ac3e033e3c4b80a3febd66, 81848cc9c57295e05c8ba81fa2b2b4b8a3962c3c, a7a1a3e368b5f42e75e14da66c6c9f9825d3217c, bd671d06b6232107943ec93cf587aa00ece495af, 139bb57b355ed8bef2dc619ea9e63923c245557a]
+3.16-upstream-stable: N/A "Driver doesn't support this hardware"
+sid: released (5.3.9-2) [bugfix/x86/i915/0001-drm-i915-Rename-gen7-cmdparser-tables.patch, bugfix/x86/i915/0002-drm-i915-Disable-Secure-Batches-for-gen6.patch, bugfix/x86/i915/0003-drm-i915-Remove-Master-tables-from-cmdparser.patch, bugfix/x86/i915/0004-drm-i915-Add-support-for-mandatory-cmdparsing.patch, bugfix/x86/i915/0005-drm-i915-Support-ro-ppgtt-mapped-cmdparser-shadow-bu.patch, bugfix/x86/i915/0006-drm-i915-Allow-parsing-of-unsized-batches.patch, bugfix/x86/i915/0007-drm-i915-Add-gen9-BCS-cmdparsing.patch, bugfix/x86/i915/0008-drm-i915-cmdparser-Use-explicit-goto-for-error-paths.patch, bugfix/x86/i915/0009-drm-i915-cmdparser-Add-support-for-backward-jumps.patch, bugfix/x86/i915/0010-drm-i915-cmdparser-Ignore-Length-operands-during-com.patch, bugfix/x86/i915/drm-i915-cmdparser-fix-jump-whitelist-clearing.patch]
+4.19-buster-security: released (4.19.67-2+deb10u2) [bugfix/x86/i915/0001-drm-i915-Rename-gen7-cmdparser-tables.patch, bugfix/x86/i915/0002-drm-i915-Disable-Secure-Batches-for-gen6.patch, bugfix/x86/i915/0003-drm-i915-Remove-Master-tables-from-cmdparser.patch, bugfix/x86/i915/0004-drm-i915-Add-support-for-mandatory-cmdparsing.patch, bugfix/x86/i915/0005-drm-i915-Support-ro-ppgtt-mapped-cmdparser-shadow-bu.patch, bugfix/x86/i915/0006-drm-i915-Allow-parsing-of-unsized-batches.patch, bugfix/x86/i915/0007-drm-i915-Add-gen9-BCS-cmdparsing.patch, bugfix/x86/i915/0008-drm-i915-cmdparser-Use-explicit-goto-for-error-paths.patch, bugfix/x86/i915/0009-drm-i915-cmdparser-Add-support-for-backward-jumps.patch, bugfix/x86/i915/0010-drm-i915-cmdparser-Ignore-Length-operands-during-com.patch, bugfix/x86/i915/drm-i915-cmdparser-fix-jump-whitelist-clearing.patch]
+4.9-stretch-security: released (4.9.189-3+deb9u2) [bugfix/x86/i915/0001-drm-i915-Rename-gen7-cmdparser-tables.patch, bugfix/x86/i915/0002-drm-i915-Disable-Secure-Batches-for-gen6.patch, bugfix/x86/i915/0003-drm-i915-Remove-Master-tables-from-cmdparser.patch, bugfix/x86/i915/0004-drm-i915-Add-support-for-mandatory-cmdparsing.patch, bugfix/x86/i915/0005-drm-i915-Support-ro-ppgtt-mapped-cmdparser-shadow-bu.patch, bugfix/x86/i915/0006-drm-i915-Allow-parsing-of-unsized-batches.patch, bugfix/x86/i915/0007-drm-i915-Add-gen9-BCS-cmdparsing.patch, bugfix/x86/i915/0008-drm-i915-cmdparser-Use-explicit-goto-for-error-paths.patch, bugfix/x86/i915/0009-drm-i915-cmdparser-Add-support-for-backward-jumps.patch, bugfix/x86/i915/0010-drm-i915-cmdparser-Ignore-Length-operands-during-com.patch, bugfix/x86/i915/drm-i915-cmdparser-fix-jump-whitelist-clearing.patch]
+3.16-jessie-security: N/A "Driver doesn't support this hardware"
diff --git a/retired/CVE-2019-11135 b/retired/CVE-2019-11135
new file mode 100644
index 000000000..9dd3a1476
--- /dev/null
+++ b/retired/CVE-2019-11135
@@ -0,0 +1,19 @@
+Description: TSX Asynchronous Abort (TAA)
+References:
+ https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
+ https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
+ https://zombieloadattack.com
+ https://zombieloadattack.com/zombieload.pdf
+Notes:
+ bwh> Exploitable only on Intel CPUs that
+ bwh> support TSX and are not vulnerable to MDS.  Will be fixed by "TAA"
+ bwh> patch series.
+Bugs:
+upstream: released (5.4-rc8) [c2955f270a84762343000f103e0640d29c7a96f3, 286836a70433fb64131d2590f4bf512097c255e1, 95c5824f75f3ba4c9e8e5a4b1a623c95390ac266, 1b42f017415b46c317e71d41c34ec088417a1883, 6608b45ac5ecb56f9e171252229c39580cc85f0f, e1d38b63acd843cfdd4222bf19a26700fd5c699e, 7531a3596e3272d1f6841e0d601a614555dc6b65, a7a248c593e4fd7a67c50b5f5318fe42a0db335e, db616173d787395787ecc93eef075fa975227b10, 012206a822a8b6ac09125bfaa210a95b9eb8f1c1]
+4.19-upstream-stable: released (4.19.84) [4002d16a2ae1e3bdc0aa36ce5089bd62b4b9eab6, 37cf9ef900ccb3183c84b2181291b23927cf8002, b8eb348ae40878a5a0a4de444fa5d2ea8a539f6c, 6c58ea8525bf6df7f4df2692784d2ce315201895, 15dfa5d706df85506a527c5572be5ff322031a01, a0808f06dfa1adca8e81716cf773db8c8f1c07b9, 2402432d55576a2c35546c72d19893a21edbf133, e3bf6b3ff55a549cef225bb25724aa7858377c15, 4ad7466ddf2d78ad2e3f700ed69b694b9f232896, 415bb221a07038f7a54c4187f1aef1e8e2a4925f]
+4.9-upstream-stable: released (4.9.202) [e83ef92e99792e3ec88b95839e57c300ef692900, 2fc508384968d5796e005bf85d2daf2f16510119, 919d56194a7fe18c8d67e873d6f71c9db2e00eea, 211278805ea59ef5b871d89f5688e50faf6ca68c, a117aa4e6876fa4b272d2f0b5f12232a04cce895, 9392b2dda0aedff871f10eae4e9b1e7d7e7bc3f9, 639453597dcce3337990c80272fae6b8e2c93005, 562afad430aaf280d224c65589d8db4e29ca8ace, ba54aadc5c641dfe4e387edc977e07cd175ed59b, 0fbf080197189a30f75615dc2c45e2af561facd3, 042a4417d136559d7285ea6affdcbbd0e37192b6]
+3.16-upstream-stable: released (3.16.77) [6608a10cecfd899b4e8650aa9149ca5a6171fc43, 490421fb060b7487fc6e4fe2efb27820b0b535eb, 8b149657bc70145a6c6f41e43d7b5d90d7d23d99, 8f250aefe83f06c5765c21f44409bd5c2080803b, f21f3516be7ce2340f1afd5c3513c6319ca23d2f, 67323ec3ec3be6f5fcf2d6373701716b50c2a59d, 366507333e0b8f83009fabea746ff0ad6d7c7641, 0cdefbadb02aafd93efd4a9b118a6d07bfc742da, 55799096de726a647233c21c3fd294f55580f2b7, 88d7d95283ef74c9fa3733e811ab8498eebc827c]
+sid: released (5.3.9-2) [bugfix/x86/taa/0001-x86-msr-Add-the-IA32_TSX_CTRL-MSR.patch, bugfix/x86/taa/0002-x86-cpu-Add-a-helper-function-x86_read_arch_cap_msr.patch, bugfix/x86/taa/0003-x86-cpu-Add-a-tsx-cmdline-option-with-TSX-disabled-b.patch, bugfix/x86/taa/0004-x86-speculation-taa-Add-mitigation-for-TSX-Async-Abo.patch, bugfix/x86/taa/0005-x86-speculation-taa-Add-sysfs-reporting-for-TSX-Asyn.patch, bugfix/x86/taa/0006-kvm-x86-Export-MDS_NO-0-to-guests-when-TSX-is-enable.patch, bugfix/x86/taa/0007-x86-tsx-Add-auto-option-to-the-tsx-cmdline-parameter.patch, bugfix/x86/taa/0008-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch, bugfix/x86/taa/0009-x86-tsx-Add-config-options-to-set-tsx-on-off-auto.patch, bugfix/x86/taa/0010-x86-speculation-taa-Fix-printing-of-TAA_MSG_SMT-on-I.patch]
+4.19-buster-security: released (4.19.67-2+deb10u2) [bugfix/x86/taa/0001-KVM-x86-use-Intel-speculation-bugs-and-features-as-d.patch, bugfix/x86/taa/0002-x86-msr-Add-the-IA32_TSX_CTRL-MSR.patch, bugfix/x86/taa/0003-x86-cpu-Add-a-helper-function-x86_read_arch_cap_msr.patch, bugfix/x86/taa/0004-x86-cpu-Add-a-tsx-cmdline-option-with-TSX-disabled-b.patch, bugfix/x86/taa/0005-x86-speculation-taa-Add-mitigation-for-TSX-Async-Abo.patch, bugfix/x86/taa/0006-x86-speculation-taa-Add-sysfs-reporting-for-TSX-Asyn.patch, bugfix/x86/taa/0007-kvm-x86-Export-MDS_NO-0-to-guests-when-TSX-is-enable.patch, bugfix/x86/taa/0008-x86-tsx-Add-auto-option-to-the-tsx-cmdline-parameter.patch, bugfix/x86/taa/0009-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch, bugfix/x86/taa/0010-x86-tsx-Add-config-options-to-set-tsx-on-off-auto.patch, bugfix/x86/taa/0015-x86-speculation-taa-Fix-printing-of-TAA_MSG_SMT-on-I.patch]
+4.9-stretch-security: released (4.9.189-3+deb9u2) [bugfix/x86/taa/0001-KVM-x86-use-Intel-speculation-bugs-and-features-as-d.patch, bugfix/x86/taa/0002-x86-msr-Add-the-IA32_TSX_CTRL-MSR.patch, bugfix/x86/taa/0003-x86-cpu-Add-a-helper-function-x86_read_arch_cap_msr.patch, bugfix/x86/taa/0004-x86-cpu-Add-a-tsx-cmdline-option-with-TSX-disabled-b.patch, bugfix/x86/taa/0005-x86-speculation-taa-Add-mitigation-for-TSX-Async-Abo.patch, bugfix/x86/taa/0006-x86-speculation-taa-Add-sysfs-reporting-for-TSX-Asyn.patch, bugfix/x86/taa/0007-kvm-x86-Export-MDS_NO-0-to-guests-when-TSX-is-enable.patch, bugfix/x86/taa/0008-x86-tsx-Add-auto-option-to-the-tsx-cmdline-parameter.patch, bugfix/x86/taa/0009-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch, bugfix/x86/taa/0010-x86-tsx-Add-config-options-to-set-tsx-on-off-auto.patch, bugfix/x86/taa/0011-x86-speculation-taa-Fix-printing-of-TAA_MSG_SMT-on-I.patch]
+3.16-jessie-security: released (3.16.76-1) [bugfix/x86/taa/0001-KVM-Introduce-kvm_get_arch_capabilities.patch, bugfix/x86/taa/0002-KVM-x86-use-Intel-speculation-bugs-and-features-as-d.patch, bugfix/x86/taa/0003-x86-msr-Add-the-IA32_TSX_CTRL-MSR.patch, bugfix/x86/taa/0004-x86-cpu-Add-a-helper-function-x86_read_arch_cap_msr.patch, bugfix/x86/taa/0005-x86-cpu-Add-a-tsx-cmdline-option-with-TSX-disabled-b.patch, bugfix/x86/taa/0006-x86-speculation-taa-Add-mitigation-for-TSX-Async-Abo.patch, bugfix/x86/taa/0007-x86-speculation-taa-Add-sysfs-reporting-for-TSX-Asyn.patch, bugfix/x86/taa/0008-kvm-x86-Export-MDS_NO-0-to-guests-when-TSX-is-enable.patch, bugfix/x86/taa/0009-x86-tsx-Add-auto-option-to-the-tsx-cmdline-parameter.patch, bugfix/x86/taa/0010-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch, bugfix/x86/taa/0011-x86-tsx-Add-config-options-to-set-tsx-on-off-auto.patch, bugfix/x86/taa/0012-x86-speculation-taa-Fix-printing-of-TAA_MSG_SMT-on-I.patch]