From 8c4ad317decb90e67a4d2291bde00397e20c9d6b Mon Sep 17 00:00:00 2001
From: Yonghua Huang <yonghua.huang@intel.com>
Date: Wed, 27 Jul 2022 15:54:22 +0300
Subject: [PATCH] doc: update security advisory for 3.0.1 release

  Update security advisory for release_3.0.1

Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
---
 doc/asa.rst | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/doc/asa.rst b/doc/asa.rst
index 9bd96d03a..e55b169f8 100644
--- a/doc/asa.rst
+++ b/doc/asa.rst
@@ -3,9 +3,24 @@
 Security Advisory
 #################
 
+Addressed in ACRN v3.0.1
+************************
+We recommend that all developers upgrade to this v3.0.1 release (or later), which
+addresses the following security issue discovered in previous releases:
+
+-----
+
+-  Disable RRSBA on platforms using retpoline
+    For platforms that supports RRSBA (Restricted Return Stack Buffer
+    Alternate), using retpoline may not be sufficient to guard against branch
+    history injection or intra-mode branch target injection. RRSBA must
+    be disabled to prevent CPUs from using alternate predictors for RETs.
+    (Addresses security issue tracked by CVE-2022-29901 and CVE-2022-28693.)
+
+    **Affected Release:** v3.0 and earlier
+
 Addressed in ACRN v2.7
 ************************
-
 We recommend that all developers upgrade to this v2.7 release (or later), which
 addresses the following security issue discovered in previous releases: