Looks like this is the likely candidate:

commit 7fa1a35564b270e940111c31828e553bff8f063b
Author: Gustavo A. R. Silva <[email protected]>
Date:   Thu Aug 2 22:40:19 2018 -0500

    drm/i915/kvmgt: Fix potential Spectre v1
    
    info.index can be indirectly controlled by user-space, hence leading
    to a potential exploitation of the Spectre variant 1 vulnerability.
    
    This issue was detected with the help of Smatch:
    
    drivers/gpu/drm/i915/gvt/kvmgt.c:1232 intel_vgpu_ioctl() warn:
    potential spectre issue 'vgpu->vdev.region' [r]
    
    Fix this by sanitizing info.index before indirectly using it to index
    vgpu->vdev.region
    
    Notice that given that speculation windows are large, the policy is
    to kill the speculation on the first load and not worry if it can be
    completed with a dependent load/store [1].
    
    [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
    
    Cc: [email protected]
    Signed-off-by: Gustavo A. R. Silva <[email protected]>
    Signed-off-by: Zhenyu Wang <[email protected]>
    
    CVE-2017-5753
    
    (cherry picked from commit de5372da605d3bca46e3102bab51b7e1c0e0a6f6)
    Signed-off-by: Juerg Haefliger <[email protected]>
    Acked-by: Stefan Bader <[email protected]>
    Acked-by: Kleber Sacilotto de Souza <[email protected]>
    Signed-off-by: Stefan Bader <[email protected]>


** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753

-- 
https://bugs.launchpad.net/bugs/1834177

Title:
  regression: between 4.15.0-45 and 4.15.0-50 -  i915 vmalloc_fault
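
The index sanitizing the commit message describes, as an added user-space example (not code from the commit or from kvmgt.c): it models the branch-free mask arithmetic of the kernel's generic array_index_nospec() helper. The names index_mask_nospec, index_nospec, region_size, struct region and sample_regions are assumptions made for illustration, and the table values are constructed.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/*
 * All-ones when index < size, zero otherwise, computed without a branch so
 * the CPU has nothing to mispredict. Mirrors the generic kernel arithmetic;
 * requires size <= LONG_MAX and an arithmetic right shift of signed long
 * (true for gcc and clang). The kernel version additionally hides the
 * operands from the optimizer, which this user-space model does not do.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (BITS_PER_LONG - 1));
}

/* Clamp: in-range indices pass through, out-of-range ones become 0. */
static unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

struct region { unsigned int size; };          /* hypothetical table entry */

/* Constructed sample table standing in for a per-device region array. */
static const struct region sample_regions[3] = { {4096}, {8192}, {65536} };

/* Bounds check first, then sanitize before the index reaches the load. */
static long region_size(const struct region *tbl, unsigned long nr,
                        unsigned long user_index)
{
    if (user_index >= nr)
        return -1;                             /* architectural rejection */
    user_index = index_nospec(user_index, nr); /* speculative clamp */
    return (long)tbl[user_index].size;
}

int main(void)
{
    printf("index 1  -> %ld\n", region_size(sample_regions, 3, 1));
    printf("index 3  -> %ld\n", region_size(sample_regions, 3, 3));
    printf("clamp(7) -> %lu\n", index_nospec(7, 3));
    return 0;
}
```

Even if the bounds check is speculatively bypassed, the masked index is 0 for any out-of-range value, so the dependent load stays inside the table.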
