Prevent speculation on user controlled pointer
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Juerg Haefliger | ||
Trusty |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for unknown reasons) so Xenial/
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
CVE References
- 2016-10208
- 2017-11472
- 2017-11473
- 2017-14991
- 2017-15649
- 2017-16526
- 2017-16527
- 2017-16529
- 2017-16531
- 2017-16532
- 2017-16533
- 2017-16535
- 2017-16536
- 2017-16537
- 2017-16538
- 2017-16643
- 2017-16644
- 2017-16645
- 2017-16650
- 2017-16911
- 2017-16912
- 2017-16913
- 2017-16914
- 2017-17558
- 2017-18255
- 2017-18270
- 2017-2583
- 2017-2584
- 2017-2671
- 2017-5549
- 2017-5715
- 2017-5897
- 2017-6345
- 2017-6348
- 2017-7518
- 2017-7645
- 2017-8831
- 2017-9984
- 2018-1000204
- 2018-10021
- 2018-10087
- 2018-10124
- 2018-10323
- 2018-10675
- 2018-10877
- 2018-10881
- 2018-1092
- 2018-1093
- 2018-10940
- 2018-12233
- 2018-13094
- 2018-13405
- 2018-13406
- 2018-3639
- 2018-3665
- 2018-7755
description: | updated |
Changed in linux (Ubuntu Xenial): | |
status: | New → Fix Committed |
tags: |
added: verification-done-xenial removed: verification-needed-xenial |
Changed in linux (Ubuntu Trusty): | |
status: | New → Fix Committed |
tags: |
added: verification-done-trusty removed: verification-needed-trusty |
Changed in linux (Ubuntu Precise): | |
status: | New → In Progress |
assignee: | nobody → Juerg Haefliger (juergh) |
Changed in linux (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Precise): | |
status: | Fix Committed → Fix Released |
Changed in linux (Ubuntu): | |
status: | Incomplete → Invalid |
tags: | added: cscc |
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1775137
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.