[x86: Native Branch History Injection]
Author | Note |
---|---|
sbeattie | in the short term, Ubuntu 6.6 based kernels (Ubuntu 23.10 LTS and Ubuntu 22.04 HWE kernels) have backported the first round of native_bhi mitigations, but are defaulting to spectre_bhi=auto. The kernel commandline parameter can be changed to spectre_bhi=on if desired; see the kernel parameters documentation linked to in the references section. This default will change to match the upstream kernelโs default to โonโ in a subsequent update. |
rodrigo-zaiden | USN-6765-1 for linux-oem-6.5 wrongly stated that this CVE was fixed in version 6.5.0-1022.23. The mentioned notice was revoked and the state of the fix for linux-oem-6.5 was recovered to the previous state. |
apw | patches #1 and #7 are not expected before jammy they were not required for mitigation; make them both conditional on v5.15 being present. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | <ย any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | <ย any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | <ย 5.15.0-106.116 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | <ย 6.5.0-35.35 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | <ย any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | <ย any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | <ย any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | <ย 5.15.0-1061.67 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | <ย 6.5.0-1020.20 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | <ย any | UNKNOWN |
download.vusec.net/papers/inspectre_sec24.pdf
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2bb69f5fc72183e1c62547d900f560d0e9334925
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/admin-guide/kernel-parameters.txt?id=2bb69f5fc72183e1c62547d900f560d0e9334925#n6066
launchpad.net/bugs/cve/CVE-2024-2201
lists.xenproject.org/archives/html/xen-announce/2024-04/msg00004.html
nvd.nist.gov/vuln/detail/CVE-2024-2201
security-tracker.debian.org/tracker/CVE-2024-2201
ubuntu.com/security/notices/USN-6766-1
ubuntu.com/security/notices/USN-6766-2
ubuntu.com/security/notices/USN-6766-3
ubuntu.com/security/notices/USN-6774-1
ubuntu.com/security/notices/USN-6795-1
ubuntu.com/security/notices/USN-6828-1
ubuntu.com/security/notices/USN-6865-1
ubuntu.com/security/notices/USN-6866-1
ubuntu.com/security/notices/USN-6866-2
ubuntu.com/security/notices/USN-6866-3
ubuntu.com/security/notices/USN-6868-1
ubuntu.com/security/notices/USN-6868-2
wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Native-BHI
www.cve.org/CVERecord?id=CVE-2024-2201
www.vusec.net/projects/native-bhi/