ELA-948-1 linux-4.19 security update

linux kernel update

Version4.19.289-2~deb8u1 (jessie), 4.19.289-2~deb9u1 (stretch)
Related CVEs CVE-2022-40982

Daniel Moghimi discovered Gather Data Sampling (GDS), a hardware vulnerability for Intel CPUs which allows unprivileged speculative access to data which was previously stored in vector registers.

This mitigation requires updated CPU microcode provided in the intel-microcode package and released as ELA-935-1.

For details please refer to https://downfall.page/ and https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html.

For Debian 8 jessie, these problems have been fixed in version 4.19.289-2~deb8u1.

For Debian 9 stretch, these problems have been fixed in version 4.19.289-2~deb9u1.

We recommend that you upgrade your linux-4.19 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.