integ

History

zhiguo.zhang 30788066d6 Upgrade std kernel patch to CentOS7.6 3.10.0-957.12.2 New set of CVEs was reported against Intel CPUs: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091. For these CVEs there are RH and CentOS updates available. CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory(MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf These are from the http://cve.mitre.org website. These are the MDS security CVEs. The patch is modified as follows: 1.Delete the 929-931 line of the arch/x86/kernel/cpu/cacheinfo.c file, because starlingx's Porting-Cacheinfo-from-Kernel-4.10.17.patch removes the ici_cpuid4_info structure. 2.The build-logic-and-sources-for-TiC.patch version number has been modified. 3.In addition to the modifications in the files in 1 and 2, other patches only modify the line number. Closes-Bug: 1830487 Depends-On: https://review.opendev.org/663071 Change-Id: I4cad783311ed4a6c60b4f69bdad75d773d0cd23d Signed-off-by: zhiguo.zhang <zhiguox.zhang@intel.com>	2019-06-11 11:09:32 +08:00
..
centos	Upgrade std kernel patch to CentOS7.6 3.10.0-957.12.2	2019-06-11 11:09:32 +08:00
files	update ima public certificate for standard kernel	2018-10-10 16:44:58 -04:00

zhiguo.zhang 30788066d6 Upgrade std kernel patch to CentOS7.6 3.10.0-957.12.2

New set of CVEs was reported against Intel CPUs: CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.
For these CVEs there are RH and CentOS updates available.

CVE-2018-12126:
Microarchitectural Store Buffer Data Sampling (MSBDS):
Store buffers on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially
enable information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf

CVE-2018-12127:
Microarchitectural Load Port Data Sampling (MLPDS):
Load ports on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf

CVE-2018-12130:
Microarchitectural Fill Buffer Data Sampling (MFBDS):
Fill buffers on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf

CVE-2019-11091:
Microarchitectural Data Sampling Uncacheable Memory(MDSUM):
Uncacheable memory on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially enable
information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/
corporate-information/SA00233-microcode-update-guidance_05132019.pdf

These are from the http://cve.mitre.org website.
These are the MDS security CVEs.

The patch is modified as follows:
1.Delete the 929-931 line of the arch/x86/kernel/cpu/cacheinfo.c file,
  because starlingx's Porting-Cacheinfo-from-Kernel-4.10.17.patch
  removes the ici_cpuid4_info structure.

2.The build-logic-and-sources-for-TiC.patch version number
  has been modified.

3.In addition to the modifications in the files in 1 and 2,
  other patches only modify the line number.

Closes-Bug: 1830487
Depends-On: https://review.opendev.org/663071
Change-Id: I4cad783311ed4a6c60b4f69bdad75d773d0cd23d
Signed-off-by: zhiguo.zhang <zhiguox.zhang@intel.com>

2019-06-11 11:09:32 +08:00

centos

Upgrade std kernel patch to CentOS7.6 3.10.0-957.12.2

2019-06-11 11:09:32 +08:00

files

update ima public certificate for standard kernel

2018-10-10 16:44:58 -04:00