Description: Information leak through mispredicted returns on Intel processors
References:
 https://comsec.ethz.ch/research/microarch/retbleed/
 https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
Notes:
 bwh> Also known as "RETbleed", but is different from the AMD issue.
 bwh> Mitigations in order of preference: eIBRS in kernel, RSB-stuffing
 bwh> return thunk, or IBRS in kernel.
 bwh> Skylake and the other "lake" µarches are affected, except Icelake
 bwh> D and X.
 bwh> Released in 5.18.14.
 carnil> Tried to collect the relevant commit ids from 5.10.133 for the
 carnil> issue, please double check. Some surrounding prerequisites and
 carnil> followups are missing in the list in any case. Updating to
 carnil> 5.10.133 and following is the best strategy.
 carnil> One commit was for some stable series reverted, "x86/ftrace:
 carnil> Use alternative RET encoding" and redone.
Bugs:
upstream: released (5.19-rc7) [742ab6df974ae8384a2dd213db1a3a06cf6d8936, a883d624aed463c84c22596006e5a96f5b44db31, 369ae6ffc41a3c1137cab697635a84d0cc7cdcea, 00e1533325fd1fb5459229fe37f235462649f668, 0b53c374b9eff2255a386f1f1cfb9a928e52a5ae, 15e67227c49a57837108acfe1c80570e1bd9f962, d9e9d2300681d68a775c28de6aa6e5290ae17796, ee88d363d15617ff50ac24fab0ffec11113b2aeb, 1f001e9da6bbf482311e45e48f53c2bd2179e59c, d77cfe594ad50e0bf95d457e02ccd578791b2a15, af2e140f34208a5dfb6b7a8ad2d56bda88f0524d, 15583e514eb16744b80be85dea0774ece153177d, 0ee9073000e8791f8b134a8ded31bcc767f7f232, aa3d480315ba6c3025a60958e1981072ea37c3df, 7c81c0c9210c9bfab2bae76aab2999de5bad27db, 951ddecf435659553ed15a9214e153a3af43a9a1, a149180fbcf336e97ce4eb2cdc13672727feb94d, 6b80b59b3555706508008f1f127b5412c89c7fd8, 7fbf47c7ce50b38a64576b150e7011ae73d54669, e8ec1b6e08a2102d8755ccb06fa26d540f26a2fa, caa0ff24d5d0e02abce5e65c3d2b7f20a6617be5, 2dbb887e875b1de3ca8f40ddf26bcfe55798c609, c779bc1a9002fa474175b80e72b85c9bf628abb0, 7c693f54c873691a4b7da05c7e0f74e67745d144, 166115c08a9b0b846b783088808a27d739be6e8d, 6ad0ad2bf8a67e27d1f9d006a1dabb0e1c360cc3, bf5835bcdb9635c97f85120dba9bfa21e111130f, 9bb2ec608a209018080ca262f771e6a9ff203b6f, b75b7f8ef1148be1b9321ffc2f6c19238904b438, d147553b64bad34d2f92cb7d8ba454ae95c3baac, 3ebc170068885b6fc7bedda6c667bb2c4d533159, 0fe4aeea9c01baabecc8c3afc7889c809d939bc2, a09a6e2399ba0595c3042b3164f3ca68a3cff33e, d7caac991feeef1b871ee6988fd2c9725df09039, b2620facef4889fefcbf2e87284f34dcd4189bce, e6aa13622ea8283cc699cac5d018cc40a2ba2010, 56aa4d221f1ee2c3a49b45b800778ec6e0ab73c5, bbb69e8bee1bd882784947095ffb2bfe0f7c9470, acac5e98ef8d638a411cfa2ee676c87e1973f126, 8faea26e611189e933ea2281975ff4dc7c1106b6, 8bd200d23ec42d66ccd517a72dd0b9cc6132d2fd, bb06650634d3552c0f8557e9d16aa1a408040e28, fc02735b14fff8c6678b521d324ade27b1a3d4cf, bea7e31a5caccb6fe8ed989c065072354f0ecb52, 9756bba28470722dacb79ffce554336dd1f6a6cd, 07853adc29a058c5fd143c14e5ac528448a72ed9, 7a05bc95ed1c5a59e47aaade9fb4083c27de9e62, 26aae8ccbc1972233afd08fb3f368947c0314265, f43b9876e857c739d407bc56df288b0ebe1a9164, f54d45372c6ac9c993451de5e51312485f7d10bc, 2c08b9b38f5b0f4a6c2d29be22b695e4ec4a556b, 2259da159fbe5dba8ac00b560cf00b6a6537fa18, 697977d8415d61f3acbc4ee6d564c9dcf0309507, 4ad3278df6fe2b0852b00d5757fc2ccd8e92c26e, c27c753ea6fd1237f4f96abf8b623d7bab505513]
5.10-upstream-stable: released (5.10.133) [7070bbb66c5303117e4c7651711ea7daae4c64b5, feec5277d5aa9780d4814084262b98af2b1a2242, 6a2b142886c52244a9c1dfb0a36971daa963541a, 3e519ed8d509f5f2e1c67984f3cdf079b725e724, 37b9bb094123a14a986137d693b5aa18a240128b, 270de63cf4a380fe9942d3e0da599c0e966fad78, 716410960ba0a2d2c3f59cb46315467c9faf59b2, 8bdb25f7aee312450e9c9ac21ae209d9cf0602e5, 446eb6f08936e6f87bea9f35be05556a7211df9b, 7723edf5edfdfdabd8234e45142be86598a04cad, 00b136bb6254e0abf6aaafe62c4da5f6c4fea4cb, e0e06a922706204df43d50032c05af75d8e75f8e, ee4996f07d868ee6cc7e76151dfab9a2344cdeb0, d6eb50e9b7245a238872a9a969f84993339780a5, 5b2edaf709b50c81b3c6ddb745c8a76ab6632645, c9eb5dcdc8f4a848b45b97725f5a2b8d324bb31a, c70d6f82141b89db6c076b0cbf9a7a2edc29e46d, df748593c55389892902aecb8691080ad5e8cff5, 876750cca4f043bd626a3ac760ce887dda3b6ec7, 3f29791d56d32a610a2b57a9b700b1bc1912e41f, a989e75136192036d47e4dc4fe87ff9c961d6b46, 9e727e0d9486121de5c21cbb65fcc0c907834b17, 3dddacf8c3cc29b9b37d8c4353f746e510ad1371, 6d7e13ccc4d73e5c88cc015bc0154b7d08f65038, dabc2a1b406ae0ff5286c91f7519b3e20ec2aa63, a0f8ef71d762501769df69e35c4c4e7496866d90, e8142e2d6cb6b39fdd78bc17199429f79bcd051c, 55bba093fd91a76971134e3a4e3576e536c08f5c, 28aa3fa0b2c9d0cd7bdac42d9eb7fe3d5f6c79e8, f728eff26339d85825e588d461f0e55267bc6c3f, c8845b875437b8ea9cd023f15b44c436c9c5b62d, fbab1c94eb1a3139d7ac0620dc6d7d6a33f3b255, 0d1a8a16e62c8048f2ff7f9c6f448bf595d2a2a8, ea1aa926f423a8cf1b2416bb909bfbea37d12b11, f1b01ace814b0a8318041e3aea5fd36cc74f09b0, d29c07912a49fce965228f73a293e2c899bc7e35, aad83db22e9950577b5b827f57ed7108b3ca5553, ce11f91b21c25dda8b06988817115bef1c636434, 1dbefa57725204be0348351ea4756c52b10b3504, df93717a32f57e1b033dbfa2a78809d7d4000648, 07401c2311f6fddd3c49a392eafc2c28a899f768, 84061fff2ad98a7809f00e88a54f584f84830388, 5269be9111e2b66572e78647f2e8948f7fc96466, 47ae76fb27398e867980d63789058ff7c4f12a35, 4d7f72b6e1bc630bec7e4cd51814bc2b092bf153, a74f5d23e68d9687ed06bd462d344867824707d8, f7851ed697be2ce86bd8baf29111762b7b3ff6cc, b24fdd0f1c3328cf8ee0c518b93a7187f8cee097, 609336351d08699395be24860902e6e0b7860e2b, 51552b6b52fc865f37ef3ddacd27d807a36695ac, c2ca992144281917cfae19d231b1195c02906a4e, eb38964b6ff864b8bdf87c9cf6221d0b0611a990, c035ca88b0742952150b1671bb5d26b96f921245]
4.19-upstream-stable: released (4.19.266) [67b137bf0d9d096f86c8bfa175ca5ab3629369c9, 8627f766f42beefcce9979e6db44541cc651d521, c150c96152aa0ca3d59ecc71c0c4a8864abca42a, e6bfe7967f1a06ff906a1d8d73696c750f833e74, 78c9a72da30a2a6e30c190f431d03a3b06bdcdc0, 0ff64957bae869ab7163d4b6c930f8ecfc6ae7cf, 12db59370889ce1a5e3deb50507d4141910c4341, 7c9a1a329b6273b5fe1c47f78a8efb15197937d5, bd2b18f6d226de17b42b1f1ff15daf800a4f0c52, c79ea34ffbb9af46a3e97f2a4550f83d0151a2e3, 4b74a4f69682058fa79ccc9643ea69a0f1b955ee, 310aee6c371b076f86b61f764fe77de0e2913edd, 9e03416b022e83c73bbbdc275f1df1c3e88e3155, f1b4cf5ce43f28503ef24d30fdbb9247d141765d, c1493b60fd131c0c1558a8f71192fbebe7ed998f, 6cc8bd7dd3f33c39469899b2045870b62dd1ef4d, 9dc813c5fe403345e3edf1e52ee1ee2ecfe0d46d, d2c10ea360a307f520c22e56b77f9a40db79e253, 9f3330d4930e034d84ee6561fbfb098433ff0ab9, ca47b5c598c2772aadd6bd5626ac531e640cd477, 93f951062040f132968103bb5a070aaafde2865c, 8bafec7f0eaa0d4f260fe74de49d9aaa0451bc3d, 1ec1aceda390df12ad85525521f3ce2c7d837934, 24344e2bee186d54e0fdfbae70e67ec39473a9ae, e6ac9561776a1fa80e245993f94c8f63fa15632b, 6451e3ce91f70398dd5e0f9feada255f19d5b2b7, f744b88dfc201bf8092833ec70b23c720188b527, 9f88c3b0a2bcf18b3ec7e551958723a1061c9b99, 1bce094085ff639bbe370821f2ab99e996a0e108, 745cd50cc41a4ca529d20a889699b829e739dddd, 48eb8d6ac7df51a6408d629306335449826fc3a8, 0019a40f27e98bac177d3ec3a006df3c177d9181, 7eb3e2a80fe6b41ead0eb08d6772f2604acc1899, 56cf3753a1ef6d269fe24872db53b7b135ca011a]
sid: released (5.18.14-1)
5.10-bullseye-security: released (5.10.136-1)
4.19-buster-security: released (4.19.269-1)