ELSA-2025-20406

Описание

[5.4.17-2136.344.4.3]

• Add Zen34 clients (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
• x86/process: Move the buffer clearing before MONITOR (Kim Phillips) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
• KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
• x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
• KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
• x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
• x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
• x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
• x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 38129010]
• selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
• x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
• x86/its: Add 'vmexit' option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
• x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
• x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
• x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
• x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
• Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}