Bug 1530827
| Summary: | CVE-2017-5715 kernel: hw: cpu: speculative execution branch target injection [fedora-all] | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Petr Matousek <pmatouse> |
| Component: | kernel | Assignee: | Kernel Maintainer List <kernel-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 27 | CC: | airlied, ajax, bitflip10, bskeggs, ewk, hdegoede, ichavero, itamar, jarodwilson, jforbes, jglisse, joe, john.j5live, jonathan, jon.dufresne, josef, jwboyer, kernel-maint, labbott, linville, mchehab, mjg59, pmatouse, steved |
| Target Milestone: | --- | Keywords: | Security, SecurityTracking |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Release Note | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-03-15 13:48:38 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1519780 | ||
|
Description
Petr Matousek
2018-01-03 22:54:42 UTC
Use the following template to for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. ===== # bugfix, security, enhancement, newpackage (required) type=security # testing, stable request=testing # Bug numbers: 1234,9876 bugs=1519780,1530827 # Description of your update notes=Security fix for [PUT CVEs HERE] # Enable request automation based on the stable/unstable karma thresholds autokarma=True stable_karma=3 unstable_karma=-3 # Automatically close bugs when this marked as stable close_bugs=True # Suggest that users restart after update suggest_reboot=False ====== Additionally, you may opt to use the bodhi web interface to submit updates: https://bodhi.fedoraproject.org/updates/new Placing this as modified, the retpoline updates in 4.14.14 and newer should mitigate this fairly well for x86_64, there is still work to be done for other architectures. We apologize for the inconvenience. There is a large number of bugs to go through and several of them have gone stale. As kernel maintainers, we try to keep up with bugzilla but due the rate at which the upstream kernel project moves, bugs may be fixed without any indication to us. Due to this, we are doing a mass bug update across all of the Fedora 27 kernel bugs. Fedora 27 has now been rebased to 4.15.3-300.f27. Please test this kernel update (or newer) and let us know if you issue has been resolved or if it is still present with the newer kernel. If you experience different issues, please open a new bug report for those. This one has not been closed out as we are waiting for a few other architecture mitigations to land. There should be a status update in the next week. I am going to close this at this point. The 4.15.4 updates added the arm64 coverage. While the mitigation will be improved over time, I think we have base coverage for users now. |