Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#4662 closed task (fixed)


Reported by: Bruce Dubbs
Owned by: lfs-book
Priority: normal
Milestone: 10.0
Component: Book
Version: SVN
Severity: normal
Keywords:


New minor version. I'd like to wait until at least version 5.7.1.

Change History (4)

comment:1 by Douglas R. Reno, 4 years ago

A number of flaws were discussed in the Register's article this morning
which have been submitted for inclusion upstream already.

Listed below are the CVEs that Red Hat has assigned. As far as I can
tell there are no existing CVE assignments for these flaws. I have
not done adequate investigation to correctly identify affected
versions of the kernel; however, this is a flaw in the fix for
CVE-2018-3639, and affected systems would likely be affected by the flaws
listed below if they required the fix.

- Rogue cross-process SSBD shutdown. Linux scheduler logical bug
allows an attacker to turn off the SSBD protection.

- Indirect Branch Prediction Barrier is force-disabled when STIBP is
unavailable or enhanced IBRS is available.

- Indirect branch speculation can be enabled after it was
force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.

The Red Hat Bugzillas for these flaws are

These bugzillas are a work in progress and will be updated as I get
more time to correctly input adequate information.

Thank you.

More security fixes are incoming, probably in 5.7.2.
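
The third flaw quoted in comment:1 can be checked on a running kernel. The following C program is an added example, not part of the ticket or of the kernel sources: it force-disables indirect branch speculation for its own process, tries to enable it again, and reports whether the kernel refused with EPERM as the kernel's speculation-control documentation specifies. The names judge and check_force_disable are hypothetical, and the check assumes a Linux system where per-task control of indirect branch speculation is available.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

/* Kernel UAPI values from <linux/prctl.h>, repeated for older headers. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_PRCTL         (1UL << 0)
#define PR_SPEC_ENABLE        (1UL << 1)
#define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_INDIRECT_BRANCH
#define PR_SPEC_INDIRECT_BRANCH 1
#endif

enum verdict { UNTESTABLE, STICKY, REENABLED };
/* Pure decision: rc/err are the result of the PR_SPEC_ENABLE attempt made
 * after a force-disable; after is the state read back afterwards. */
enum verdict judge(int rc, int err, long after)
{
    if (rc == 0)
        return REENABLED;              /* kernel accepted the re-enable */
    if (err == EPERM && after >= 0 && (after & PR_SPEC_FORCE_DISABLE))
        return STICKY;                 /* refused, and the bit is still set */
    return UNTESTABLE;
}

/* Hypothetical helper. It force-disables indirect branch speculation for the
 * calling process (irreversible on a fixed kernel): use a throwaway process. */
enum verdict check_force_disable(void)
{
    long st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    if (st < 0 || !(st & PR_SPEC_PRCTL))
        return UNTESTABLE;             /* no per-task control on this system */
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH,
              PR_SPEC_FORCE_DISABLE, 0, 0) != 0)
        return UNTESTABLE;
    int rc = prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);
    int err = errno;
    long after = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0);
    return judge(rc, err, after);
}

int main(void)
{
    static const char *msg[] = { "not testable", "force-disable held", "re-enabled" };
    return puts(msg[check_force_disable()]) < 0;
}
```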

comment:2 by Bruce Dubbs, 4 years ago

Summary: linux-5.7 → linux-5.7.2

Now version 5.7.2.

comment:3 by Bruce Dubbs, 4 years ago

Resolution: fixed
Status: new → closed

Fixed at revision 11950.

comment:4 by Bruce Dubbs, 4 years ago

Milestone: 9.2 → 10.0

Milestone renamed
