[Git][security-tracker-team/security-tracker][master] Track Processor MMIO Stale Data vulnerabilities as well for src:linux
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 28 19:26:57 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ebe3536 by Salvatore Bonaccorso at 2022-06-28T20:24:30+02:00
Track Processor MMIO Stale Data vulnerabilities as well for src:linux
After short discussion with kernel maintainers add tracking as well for
src:linux for the three CVEs CVE-2022-21123, CVE-2022-21125,
CVE-2022-21166 on kernel side as well and not only for intel-microcode.
5.18.5, 5.15.48, 5.10.123, 5.4.199, 4.19.248, 4.14.284, and 4.9.319 all
got the fixes backported implementing the mitigations on kernel side
along with the needed intel-microcode update.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46353,6 +46353,7 @@ CVE-2022-21180 (Improper input validation for some Intel(R) Processors may allow
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html
CVE-2022-21166 (Incomplete cleanup in specific special register write operations for s ...)
- intel-microcode 3.20220510.1
+ - linux 5.18.5-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#DRPW
NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
@@ -46364,12 +46365,14 @@ CVE-2022-21127 (Incomplete cleanup in specific special register read operations
NOTE: https://xenbits.xen.org/xsa/advisory-404.html
CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some Intel(R) ...)
- intel-microcode 3.20220510.1
+ - linux 5.18.5-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDS
NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-404.html
CVE-2022-21123 (Incomplete cleanup of multi-core shared buffers for some Intel(R) Proc ...)
- intel-microcode 3.20220510.1
+ - linux 5.18.5-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDR
NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ebe353669d60829d592679bfc192866cf691ec7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ebe353669d60829d592679bfc192866cf691ec7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220628/7dc77da4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list