Linux: Patch Spectre Vulnerability CVE-2017-5753 / CVE-2017-5715

This post explains how to patch the Spectre vulnerabilities CVE-2017-5753 and CVE-2017-5715 on CentOS/RHEL, Ubuntu, and Fedora Linux systems.

What is CVE-2017-5753?


An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks.

What is CVE-2017-5715?


An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.

Patch CVE-2017-5715 and CVE-2017-5753 to Fix the Spectre Vulnerability


For CentOS/RHEL Linux:

You just need to update the kernel to the latest version. Type:

# yum update -y

For Ubuntu Linux:

Type the following command:

$ sudo apt-get update
$ sudo apt-get upgrade

For Fedora Linux:

Type the following command:

$ sudo dnf --refresh update kernel

After upgrading the kernel to the latest version, you still need to reboot the system so that the new kernel is loaded.

# reboot

Check Spectre Patch


After the kernel has been updated to the latest version, you can run the following command (on RPM-based systems such as CentOS/RHEL) to check whether the two patches have been merged:

# rpm -q --changelog kernel | egrep 'CVE-2017-5715|CVE-2017-5753'

Output:

[root@devops ~]# rpm -q --changelog kernel | egrep 'CVE-2017-5715|CVE-2017-5753'
- [kernel] locking/barriers: prevent speculative execution based on Coverity scan results (Josh Poimboeuf) [1519786] {CVE-2017-5753}
- [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] cpu: fix get_scattered_cpu_leaf for IBPB feature (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kaiser/mm: skip IBRS/CR3 restore when paranoid exception returns to userland (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: Documentation spec_ctrl.txt (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-575 CVE-2017-5754}
- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: issue a __spec_ctrl_ibpb if a credential check isn't possible (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] ibpb: don't optimize spec_cntrl_ibpb on PREEMPT_RCU (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: clear registers after 32bit syscall stackframe is setup (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] entry: Simplify trampoline stack restore code (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: remove SPEC_CTRL_DEBUG code (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: add noibrs noibpb boot options (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: cleanup unnecessary ptregscall_common function (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] syscall: Clear unused extra registers on syscall entrance (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: rescan cpuid after a late microcode update (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: consolidate the spec control boot detection (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kvm/spec_ctrl: allow IBRS to stay enabled in host userland (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: add debug aid to test the entry code without microcode (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm: Only set IBPB when the new thread cannot ptrace current thread (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm: Set IBPB upon context switch (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] idle: Disable IBRS when offlining cpu and re-enable on wakeup (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: implement spec ctrl C methods (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] enter: Use IBRS on syscall and interrupts (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] enter: MACROS to set/clear IBRS and set IBPB (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kvm: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] svm: Set IBPB when running a different VCPU (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kvm: vmx: Set IBPB when running a different VCPU (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kvm: x86: clear registers on VM exit (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kvm: Pad RSB on VM transition (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] cpu/amd: Control indirect branch predictor when SPEC_CTRL not available (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-575 CVE-2017-5754}
- [x86] feature: Report presence of IBPB and IBRS control (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] feature: Enable the x86 feature to control Speculation (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [tools] objtool: Don't print 'call dest' warnings for ignored functions (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [fs] udf: prevent speculative execution (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [kernel] fs: prevent speculative execution (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [kernel] userns: prevent speculative execution (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [scsi] qla2xxx: prevent speculative execution (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [netdrv] p54: prevent speculative execution (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [netdrv] carl9170: prevent speculative execution (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [media] uvcvideo: prevent speculative execution (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] cpu/amd: Remove now unused definition of MFENCE_RDTSC feature (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] cpu/amd: Make the LFENCE instruction serialized (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [kernel] locking/barriers: introduce new memory barrier gmb() (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kaiser/mm: consider the init_mm.pgd a kaiser pgd (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kaiser/mm: convert userland visible "kpti" name to "pti" (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kaiser/mm: __load_cr3 in resume from RAM after kernel gs has been restored (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] kaiser/mm: fix pgd freeing in error path (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: disable global pages by default with KAISER (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] revert "x86/mm/kaiser: Disable global pages by default with KAISER" (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: add "kaiser" and "nokaiser" boot options (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: fix RESTORE_CR3 crash in kaiser_stop_machine (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [security] x86/mm/kaiser: use stop_machine for enable/disable knob (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: use atomic ops to poison/unpoison user pagetables (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-575 CVE-2017-5754}
- [x86] mm/kaiser: stop patching flush_tlb_single (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm: If INVPCID is available, use it to flush global mappings (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/64: Fix reboot interaction with CR4.PCIDE (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/64: Initialize CR4.PCIDE early (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: validate trampoline stack (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [kernel] x86/mm/kaiser: isolate the user mapped per cpu areas (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: selective boot time defaults (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: handle call to xen_pv_domain() on PREEMPT_RT (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [security] x86/mm/kaiser: add Kconfig (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: Respect disabled CPU features (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: trampoline stack comments (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: stack trampoline (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: remove paravirt clock warning (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: re-enable vsyscalls (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: allow to build KAISER with KASRL (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: un-poison PGDs at runtime (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: add a function to check for KAISER being enabled (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: disable native VSYSCALL (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: map debug IDT tables (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: add kprobes text section (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: map trace interrupt entry (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: map entry stack per-cpu areas (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: map dynamically-allocated LDTs (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: make sure static PGDs are 8k in size (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: add cr3 switches to entry code (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: remove scratch registers (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/kaiser: Disable global pages by default with KAISER (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm: Document X86_CR4_PGE toggling behavior (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] increase robusteness of bad_iret fixup handler (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [x86] perf/x86/intel/uncore: Fix memory leaks on allocation failures (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
- [mm] fix bad rss-counter if remap_file_pages raced migration (Andrea Arcangeli) [1519801 1519798 1519786] {CVE-2017-5715 CVE-2017-5753 CVE-2017-5754}
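
The changelog query above covers every installed kernel package, including ones that are not booted. The script below is an added example, not part of the original post: it checks the changelog of the running kernel only and then reads the kernel's own runtime report. It assumes the kernel exports /sys/devices/system/cpu/vulnerabilities; the function names missing_cves and runtime_status and the script name are illustrative.

```shell
#!/bin/bash
# Added example (not from the original post). Function names are illustrative.
CVES="CVE-2017-5753 CVE-2017-5715"

# Read changelog text on stdin; print each CVE from $CVES that is absent.
# -F treats the ID as a literal string and -w demands a whole-word match, so
# neither a truncated tag like "CVE-2017-575" nor a longer ID is counted.
missing_cves() {
    local log cve
    log=$(cat)
    for cve in $CVES; do
        printf '%s\n' "$log" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# Print the running kernel's own verdict per CVE from sysfs.
# $1 overrides the directory so the logic can be exercised on sample files.
# Returns 0 only if both entries read "Mitigation: ..." or "Not affected".
runtime_status() {
    local dir pair file cve state rc
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    for pair in spectre_v1:CVE-2017-5753 spectre_v2:CVE-2017-5715; do
        file=${pair%%:*}
        cve=${pair#*:}
        if [ -r "$dir/$file" ]; then
            state=$(cat "$dir/$file")
        else
            state="unknown (no $file entry; kernel predates the sysfs report)"
        fi
        printf '%s %s\n' "$cve" "$state"
        case $state in
            Mitigation*|"Not affected"*) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Live check on CentOS/RHEL: run as "./spectre-check.sh --live".
if [ "${1:-}" = "--live" ]; then
    pkg="kernel-$(uname -r)"   # package of the booted kernel only
    missing=$(rpm -q --changelog "$pkg" | missing_cves)
    [ -z "$missing" ] || echo "$pkg changelog has no entry for: $missing"
    runtime_status
fi
```

A non-zero exit status from the live run means at least one of the two variants is reported as vulnerable or could not be determined.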
