| Message ID | 20210923235101.49134-1-cascardo@canonical.com |
|---|---|
| Headers | show |
| Series | CVE fixes for 5.8 kernels | expand |
On 24.09.21 01:50, Thadeu Lima de Souza Cascardo wrote: > [CVEs] > These are fixes that are only needed for 5.8 kernels (though currently that > is only azure-5.8), which are already pending or released for other > kernels. > > [Test] > This has been built and booted as part of hwe-5.8 and azure-5.8. > > The one I had a test for was CVE-2021-3612, and I can confirm I don't see a > crash anymore. > > [Potential regression] > Two of the fixes affect KVM, so regressions would be observed on KVM guests > running on Azure instances. There is one for a Xilinx network device, so > any systems with that device could be impacted. Finally, the one that was > tested against affects the /dev/input/js* interface to some input devices. > > Alexander Larkin (1): > Input: joydev - prevent use of not validated data in JSIOCSBTNMAP > ioctl > > David Rientjes (1): > KVM: SVM: Periodically schedule when unregistering regions on destroy > > Esben Haabendal (1): > net: ll_temac: Fix TX BD buffer overwrite > > Nicholas Piggin (1): > KVM: do not allow mapping valid but non-reference-counted pages > > arch/x86/kvm/svm/sev.c | 1 + > drivers/input/joydev.c | 2 +- > drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- > virt/kvm/kvm_main.c | 19 +++++++++++++++++-- > 4 files changed, 20 insertions(+), 4 deletions(-) > Acked-by: Stefan Bader <stefan.bader@canonical.com>
On 24.09.21 01:50, Thadeu Lima de Souza Cascardo wrote: > [CVEs] > These are fixes that are only needed for 5.8 kernels (though currently that > is only azure-5.8), which are already pending or released for other > kernels. > > [Test] > This has been built and booted as part of hwe-5.8 and azure-5.8. > > The one I had a test for was CVE-2021-3612, and I can confirm I don't see a > crash anymore. > > [Potential regression] > Two of the fixes affect KVM, so regressions would be observed on KVM guests > running on Azure instances. There is one for a Xilinx network device, so > any systems with that device could be impacted. Finally, the one that was > tested against affects the /dev/input/js* interface to some input devices. > > Alexander Larkin (1): > Input: joydev - prevent use of not validated data in JSIOCSBTNMAP > ioctl > > David Rientjes (1): > KVM: SVM: Periodically schedule when unregistering regions on destroy > > Esben Haabendal (1): > net: ll_temac: Fix TX BD buffer overwrite > > Nicholas Piggin (1): > KVM: do not allow mapping valid but non-reference-counted pages > > arch/x86/kvm/svm/sev.c | 1 + > drivers/input/joydev.c | 2 +- > drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- > virt/kvm/kvm_main.c | 19 +++++++++++++++++-- > 4 files changed, 20 insertions(+), 4 deletions(-) > Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Thanks
On 24.09.21 01:50, Thadeu Lima de Souza Cascardo wrote: > [CVEs] > These are fixes that are only needed for 5.8 kernels (though currently that > is only azure-5.8), which are already pending or released for other > kernels. > > [Test] > This has been built and booted as part of hwe-5.8 and azure-5.8. > > The one I had a test for was CVE-2021-3612, and I can confirm I don't see a > crash anymore. > > [Potential regression] > Two of the fixes affect KVM, so regressions would be observed on KVM guests > running on Azure instances. There is one for a Xilinx network device, so > any systems with that device could be impacted. Finally, the one that was > tested against affects the /dev/input/js* interface to some input devices. > > Alexander Larkin (1): > Input: joydev - prevent use of not validated data in JSIOCSBTNMAP > ioctl > > David Rientjes (1): > KVM: SVM: Periodically schedule when unregistering regions on destroy > > Esben Haabendal (1): > net: ll_temac: Fix TX BD buffer overwrite > > Nicholas Piggin (1): > KVM: do not allow mapping valid but non-reference-counted pages > > arch/x86/kvm/svm/sev.c | 1 + > drivers/input/joydev.c | 2 +- > drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- > virt/kvm/kvm_main.c | 19 +++++++++++++++++-- > 4 files changed, 20 insertions(+), 4 deletions(-) > Applied to focal:linux-hwe-5.8/hwe-5.8. Thanks. -Stefan
[CVEs] These are fixes that are only needed for 5.8 kernels (though currently that is only azure-5.8), which are already pending or released for other kernels. [Test] This has been built and booted as part of hwe-5.8 and azure-5.8. The one I had a test for was CVE-2021-3612, and I can confirm I don't see a crash anymore. [Potential regression] Two of the fixes affect KVM, so regressions would be observed on KVM guests running on Azure instances. There is one for a Xilinx network device, so any systems with that device could be impacted. Finally, the one that was tested against affects the /dev/input/js* interface to some input devices. Alexander Larkin (1): Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl David Rientjes (1): KVM: SVM: Periodically schedule when unregistering regions on destroy Esben Haabendal (1): net: ll_temac: Fix TX BD buffer overwrite Nicholas Piggin (1): KVM: do not allow mapping valid but non-reference-counted pages arch/x86/kvm/svm/sev.c | 1 + drivers/input/joydev.c | 2 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- virt/kvm/kvm_main.c | 19 +++++++++++++++++-- 4 files changed, 20 insertions(+), 4 deletions(-)