[SRU][P][PATCH 5/8] UBUNTU: [Config] Enable MITIGATION_VMSCAPE config
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Wed Sep 17 12:22:41 UTC 2025
BugLink: https://bugs.launchpad.net/bugs/2124105
VMSCAPE is a vulnerability, affecting a broad range of amd64 CPUs,
that may allow a guest to influence the branch prediction in host userspace.
It particularly affects hypervisors like QEMU.
Enable mitigations for the vulnerability.
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>
---
debian.master/config/annotations | 3 +++
1 file changed, 3 insertions(+)
diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index 642f0f04ca6d2..138526bf67b64 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -411,6 +411,9 @@ CONFIG_MHP_DEFAULT_ONLINE_TYPE_OFFLINE note<'LP: #1848492'>
CONFIG_MHP_MEMMAP_ON_MEMORY policy<{'amd64': 'y', 'arm64': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
CONFIG_MHP_MEMMAP_ON_MEMORY note<'LP: #2051835'>
+CONFIG_MITIGATION_VMSCAPE policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_VMSCAPE note<'LP: #2124105'>
+
CONFIG_MMC_BLOCK policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm', 's390x': '-'}>
CONFIG_MMC_BLOCK note<'boot essential on armhf/arm64'>
--
2.48.1
More information about the kernel-team
mailing list