<Guest53> Hi. A mitigation for the AMD Inception vulnerability has been available for a while in the upstream kernel. I would like to inquire about the timeline of introducing the fix to the Ubuntu kernels. [19:32]
<Guest53> If I'm in the wrong place with this question, please direct me to the correct place to ask something like this [19:36]
<tomreyn> hmm, a valid point to me. let's pretend they're still around, since i'm also wondering. [20:16]
<tomreyn> debian got it since Aug 11, apparently? https://security-tracker.debian.org/tracker/CVE-2023-20569 [20:17]
-ubottu:#ubuntu-security- A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20569> [20:17]
<sarnold> tomreyn: the changelog entries on https://launchpad.net/ubuntu/+source/amd64-microcode/3.20230808.1.1ubuntu1 make me think we might have pushed the microcode updates for it already? [21:22]
<tomreyn> sarnold: looks like it, for the firmware. i was more wondering about the linux patches (though, IIRC, one of the two is sufficient). [21:25]
<sarnold> tomreyn: I wouldn't be surprised if the kernel mitigation is one of those "prevent leaking kernel data to userspace" but doesn't help with eg secrets in a web browser being held safe from interpreted languages in the web browser, where the microcode probably helps with both [21:26]
<tomreyn> sarnold: i guess the issue with the microcode is that updates are, so far, only available for some affected CPUs (epyc, specifically, not the desktop ones), so having the kernel mitigation would be > nice to have. [21:31]
<sarnold> tomreyn: yeah :/ for at least one of the recent AMD issues they said the client cpus would be getting updated around november or december. oof. [21:32]
<tomreyn> right. so... it would be good to ensure the linux patches are present [21:36]
<sarnold> *nod* I've asked around if anyone's collected a list of necessary patches for the break-fix lines .. it quickly became apparent that it's way more than I can just pop off in a few minutes [21:38]
<tomreyn> oh, i didn't mean to suggest that *you* do it, or *now* ;-) [21:39]
<tomreyn> thanks for poking + helping me look into it. [21:39]
<sarnold> well, I kind of expected to find maybe two commits and then I could just add them to the file and then find out in a few hours if we've already shipped it or not :) [21:41]
<sarnold> no such luck, lol [21:41]
<tomreyn> :) you're clearly too optimistic [21:42]
