This kernel update is based on upstream 5.15.122 and fixes atleast
the following security issue:
Under specific microarchitectural circumstances, a register in "Zen 2"
CPUs may not be written to 0 correctly. This may cause data from another
process and/or thread to be stored in the YMM register, which may allow
an attacker to potentially access sensitive information (CVE-2023-20593,
also known as Zenbleed)
This update adds a kernel-side mitigation for this issue to protect users
until Amd gets their fixed microcode / AGESA updates out for all affected
CPUs. The fixed microcode for Amd EPYC gen2 is available in the
microcode-0.20230613-2.mga8.nonfree package. For other affected CPUs, see
the referenced amd.com url that has info about estimated microcode update
timelines for various CPUs.
For other upstream fixes in this update, see the referenced changelogs.
- https://bugs.mageia.org/show_bug.cgi?id=32139
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.121
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.122
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
- https://www.cve.org/CVERecord?id=CVE-2023-20593
- 8/core/kernel-5.15.122-1.mga8
- 8/core/kmod-virtualbox-7.0.10-1.1.mga8
- 8/core/kmod-xtables-addons-3.23-1.23.mga8
Get the latest Linux and open source security news straight to your inbox.