Format: 1.8
Date: Tue, 12 Nov 2019 15:44:08 +0000
Source: linux
Architecture: source
Version: 5.3.9-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Changes:
 linux (5.3.9-2) unstable; urgency=medium
 .
   * [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135):
     - x86/msr: Add the IA32_TSX_CTRL MSR
     - x86/cpu: Add a helper function x86_read_arch_cap_msr()
     - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
     - x86/speculation/taa: Add mitigation for TSX Async Abort
     - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
     - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
     - x86/tsx: Add "auto" option to the tsx= cmdline parameter
     - x86/speculation/taa: Add documentation for TSX Async Abort
     - x86/tsx: Add config options to set tsx=on|off|auto
     - x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
     TSX is now disabled by default; see
     Documentation/admin-guide/hw-vuln/tsx_async_abort.rst
   * [x86] KVM: Add mitigation for Machine Check Error on Page Size Change
     (aka iTLB multi-hit, CVE-2018-12207):
     - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
     - x86/bugs: Add ITLB_MULTIHIT bug infrastructure
     - x86/cpu: Add Tremont to the cpu vulnerability whitelist
     - cpu/speculation: Uninline and export CPU mitigations helpers
     - kvm: mmu: ITLB_MULTIHIT mitigation
     - kvm: Add helper function for creating VM worker threads
     - kvm: x86: mmu: Recovery of shattered NX large pages
     - Documentation: Add ITLB_MULTIHIT documentation
   * [x86] i915: Mitigate local privilege escalation on gen9 (CVE-2019-0155):
     - drm/i915: Rename gen7 cmdparser tables
     - drm/i915: Disable Secure Batches for gen6+
     - drm/i915: Remove Master tables from cmdparser
     - drm/i915: Add support for mandatory cmdparsing
     - drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
     - drm/i915: Allow parsing of unsized batches
     - drm/i915: Add gen9 BCS cmdparsing
     - drm/i915/cmdparser: Use explicit goto for error paths
     - drm/i915/cmdparser: Add support for backward jumps
     - drm/i915/cmdparser: Ignore Length operands during command matching
     - drm/i915/cmdparser: Fix jump whitelist clearing
   * [x86] i915: Mitigate local denial-of-service on gen8/gen9 (CVE-2019-0154):
     - drm/i915: Lower RM timeout to avoid DSI hard hangs
     - drm/i915/gen8+: Add RC6 CTX corruption WA
Checksums-Sha1:
 c22f049ca403891301c3707c7c0c3f9f8e818102 197528 linux_5.3.9-2.dsc
 ebebd74507e1b62ab2fc469875aabe06c63ad799 3555404 linux_5.3.9-2.debian.tar.xz
 30d0a91cf128fd647a8f3addb4880ac8d8457387 48103 linux_5.3.9-2_source.buildinfo
Checksums-Sha256:
 7a901db414c7874ec2eca659a2dd388633f6422702096a5e0c6b3da6ddf0633a 197528 linux_5.3.9-2.dsc
 d96081834f8e111890900e5dc55e0a44b6570d8854a9f5700c41b9cc58fada4f 3555404 linux_5.3.9-2.debian.tar.xz
 a32178c57ef87606a12979391a5b8f88d1d19f9ed6b606c2d2b8973916ed459f 48103 linux_5.3.9-2_source.buildinfo
Files:
 991a7dfb9f4b4948f7e57336b1caa53b 197528 kernel optional linux_5.3.9-2.dsc
 3d2cd5c573806849eaa03417fce553b0 3555404 kernel optional linux_5.3.9-2.debian.tar.xz
 58ece471be953c32fe177c01168a419b 48103 kernel optional linux_5.3.9-2_source.buildinfo