[SECURITY] [DSA 5475-1] linux security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5475-1] linux security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 11 Aug 2023 07:57:07 +0000
Message-id: <[🔎] E1qUN19-00D35u-92@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5475-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 11, 2023                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : linux
CVE ID         : CVE-2022-40982 CVE-2023-20569

CVE-2022-40982

    Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware
    vulnerability for Intel CPUs which allows unprivileged speculative
    access to data which was previously stored in vector registers.

    This mitigation requires updated CPU microcode provided in the
    intel-microcode package.

    For details please refer to
    <https://downfall.page/> and
    <https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html>.

CVE-2023-20569

    Daniel Trujillo, Johannes Wikner and Kaveh Razavi discovered
    INCEPTION, also known as Speculative Return Stack Overflow (SRSO),
    a transient execution attack that leaks arbitrary data on all AMD
    Zen CPUs. An attacker can mis-train the CPU BTB to predict non-
    architectural CALL instructions in kernel space and use this to
    control the speculative target of a subsequent kernel RET,
    potentially leading to information disclosure via a speculative
    side-channel.

    For details please refer to
    <https://comsec.ethz.ch/research/microarch/inception/> and
    <https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005>.

For the oldstable distribution (bullseye), these problems have been fixed
in version 5.10.179-5.

For the stable distribution (bookworm), these problems have been fixed in
version 6.1.38-4.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmTV0BlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SeJw/+Lsm9OPYOCSLnox1Rcdor5uAckTjewBhT7+iGaaThpOu3p7tnJcfqYDIw
Ywv1amkgeJTz8j9AW5N/PIXDJsSST1W9/lh5PhGJJqcj9Dd0UTtcHjQwY+KeKa66
rhe/5uqMD2NQhVFTbacaYU87kEeqbuQpb/Z1Q1jmqFkFzrfgAfQy114OM8aS+LRJ
V9VKy+TVB+DZ3rRQxr8EEg/dtWbFW0iTHxjDWDSK2AjYSUI7dwLw9Ynbh3xXyHaO
EI+BEKK3ugt9IC4Dn29az49tkrxxCCR6VxzsXiezCTrtoO7APVaLOfW4SJFPPWHl
ZREQegR7DgKWNVzZtavUpZyrPXidGhBJ7SyQjojd5BlZHnc1X7kNJIYC7Hrlt8JY
R8zmdluOucZpqvRNfr4vuFWmR5nucGvBeDmW/3UBUvzWWkqmfiwROPUd7KwbLt47
CWRbqFdFgxQ2trPTKU17V9H5BPKnbU/gj1Cbzcth/Z3+aeKFu+PCUYDfwwPZigjg
LXALs7CSdyrStevXpO13IIWqVRg4afUy4VjBLqV7iF+ff3CSlKW3ImuzgVnV/kT3
IfDbqWD5QF2S5jag94/nu/e+m5CKKUZNxu4Xvc598fpohaZKvttZH2U7y9FQqT3u
x/YwSsBfN3jLgqiwDyY+q10eITjGyhzmjFklrS50/btTTPk8l2s=
=hjVd
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5474-1] intel-microcode security update
Next by Date: [SECURITY] [DSA 5476-1] gst-plugins-ugly1.0 security update
Previous by thread: [SECURITY] [DSA 5474-1] intel-microcode security update
Next by thread: [SECURITY] [DSA 5476-1] gst-plugins-ugly1.0 security update
Index(es):
- Date
- Thread