UbuntuUpdates.org

Package "linux-hwe"

Name: linux-hwe

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Linux kernel buildinfo for version 4.15.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 4.15.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 4.15.0 on 32 bit x86 SMP
  • Linux kernel buildinfo for version 4.15.0 on 32 bit x86 SMP

Latest version: 4.15.0-76.86~16.04.1
Release: xenial (16.04)
Level: security
Repository: main

Links

Save this URL for the latest version of "linux-hwe": https://www.ubuntuupdates.org/linux-hwe



Other versions of "linux-hwe" in Xenial

Repository Area Version
updates main 4.15.0-88.88~16.04.1
proposed main 4.15.0-88.88~16.04.1
PPA: Canonical Kernel Team 4.15.0-88.88~16.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4.15.0-76.86~16.04.1 2020-01-29 13:06:23 UTC

  linux-hwe (4.15.0-76.86~16.04.1) xenial; urgency=medium

  * xenial/linux-hwe: 4.15.0-76.86~16.04.1 -proposed tracker (LP: #1860122)

  [ Ubuntu: 4.15.0-76.86 ]

  * bionic/linux: 4.15.0-76.86 -proposed tracker (LP: #1860123)
  * Integrate Intel SGX driver into linux-azure (LP: #1844245)
    - [Packaging] Add systemd service to load intel_sgx
  * [Regression] Bionic kernel 4.15.0-71.80 can not boot on ThunderX
    (LP: #1853326) // Bionic kernel panic on Cavium ThunderX CN88XX
    (LP: #1853485) // Cavium ThunderX CN88XX crashes on boot (LP: #1857074)
    - arm64: Check for errata before evaluating cpu features
    - arm64: add sentinel to kpti_safe_list

Source diff to previous version
1853326 [Regression] Bionic kernel 4.15.0-71.80 can not boot on ThunderX
1853485 Bionic kernel panic on Cavium ThunderX CN88XX
1857074 Cavium ThunderX CN88XX crashes on boot

Version: 4.15.0-74.83~16.04.1 2020-01-07 13:06:36 UTC

  linux-hwe (4.15.0-74.83~16.04.1) xenial; urgency=medium

  * xenial/linux-hwe: 4.15.0-74.83~16.04.1 -proposed tracker (LP: #1856804)

  [ Ubuntu: 4.15.0-74.83 ]

  * bionic/linux: 4.15.0-74.83 -proposed tracker (LP: #1856749)
  * [Hyper-V] KVP daemon fails to start on first boot of disco VM (LP: #1820063)
    - [Packaging] bind hv_kvp_daemon startup to hv_kvp device
  * Unrevert "arm64: Use firmware to detect CPUs that are not affected by
    Spectre-v2" (LP: #1854207)
    - arm64: Get rid of __smccc_workaround_1_hvc_*
    - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2
  * Bionic kernel panic on Cavium ThunderX CN88XX (LP: #1853485)
    - SAUCE: irqchip/gic-v3-its: Add missing return value in
      its_irq_domain_activate()

Source diff to previous version
1820063 [Hyper-V] KVP daemon fails to start on first boot of disco VM
1854207 Unrevert \
1853485 Bionic kernel panic on Cavium ThunderX CN88XX

Version: 4.15.0-72.81~16.04.1 2019-12-03 14:06:20 UTC

  linux-hwe (4.15.0-72.81~16.04.1) xenial; urgency=medium

  * xenial/linux-hwe: 4.15.0-72.81~16.04.1 -proposed tracker (LP: #1854026)

  [ Ubuntu: 4.15.0-72.81 ]

  * bionic/linux: 4.15.0-72.81 -proposed tracker (LP: #1854027)
  * [Regression] Bionic kernel 4.15.0-71.80 can not boot on ThunderX
    (LP: #1853326)
    - Revert "arm64: Use firmware to detect CPUs that are not affected by
      Spectre-v2"
    - Revert "arm64: Get rid of __smccc_workaround_1_hvc_*"
  * [Regression] Bionic kernel 4.15.0-71.80 can not boot on ThunderX2 and
    Kunpeng920 (LP: #1852723)
    - SAUCE: arm64: capabilities: Move setup_boot_cpu_capabilities() call to
      correct place

Source diff to previous version
1853326 [Regression] Bionic kernel 4.15.0-71.80 can not boot on ThunderX
1852723 [Regression] Bionic kernel 4.15.0-71.80 can not boot on ThunderX2 and Kunpeng920

Version: 4.15.0-70.79~16.04.1 2019-11-13 20:06:57 UTC

  linux-hwe (4.15.0-70.79~16.04.1) xenial; urgency=medium

  [ Ubuntu: 4.15.0-70.79 ]

  * Ubuntu-5.0.0-33.35 introduces KVM regression with old Intel CPUs and Linux
    guests (LP: #1851709)
    - Revert "KVM: x86: Manually calculate reserved bits when loading PDPTRS"
  * Incomplete i915 fix for 64-bit x86 kernels (LP: #1852141) // CVE-2019-0155
    - SAUCE: drm/i915/cmdparser: Fix jump whitelist clearing

 -- Stefan Bader <email address hidden> Tue, 12 Nov 2019 12:07:41 +0100

Source diff to previous version
1851709 Ubuntu-5.0.0-33.35 introduces KVM regression with old Intel CPUs and Linux guests
1852141 CVE-2019-0155: incomplete fix for 64-bit x86 kernels

Version: 4.15.0-69.78~16.04.1 2019-11-13 02:08:50 UTC

  linux-hwe (4.15.0-69.78~16.04.1) xenial; urgency=medium

  [ Ubuntu: 4.15.0-69.78 ]

  * KVM NULL pointer deref (LP: #1851205)
    - KVM: nVMX: handle page fault in vmread fix
  * CVE-2018-12207
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible
  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
  * CVE-2019-0155
    - drm/i915/gtt: Add read only pages to gen8_pte_encode
    - drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - drm/i915/gtt: Disable read-only support under GVT
    - drm/i915: Prevent writing into a read-only object via a GGTT mmap
    - drm/i915/cmdparser: Check reg_table_count before derefencing.
    - drm/i915/cmdparser: Do not check past the cmd length.
    - drm/i915: Silence smatch for cmdparser
    - drm/i915: Move engine->needs_cmd_parser to engine->flags
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

CVE-2018-12207 iTLB Multihit
CVE-2019-11135 TSX Asynchronous Abort



About   -   Send Feedback to @ubuntu_updates