mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-10-11 04:33:46 +00:00
The 4.4.14 has a number of important fixes/additions:

- New support for retpolines (enabled but requires newer gcc to take advantage of). This provides mitigation for Spectre-style attacks.
- Various KPTI fixes including fixes for EFI booting
- More eBPF fixes around out-of-bounds and overflow of maps. These were used for variant 1 of CVE-2017-5753.
- Several KVM fixes related to CVE-2017-5753, CVE-2017-5715, CVE-2017-17741.
- New sysfs interface listing vulnerabilities: /sys/devices/system/cpu/vulnerabilities

The 4.9.77 kernel also seems to have most/all of the above back-ported.

See https://lwn.net/SubscriberLink/744287/1fc3c18173f732e7/ for more details on the Spectre mitigation.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
See ../docs/kernels.md for more information on kernel builds.
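
Added example, not part of the LinuxKit repository or the commit message above: a shell check that reads the sysfs interface the commit mentions and reports which entries the running kernel marks as mitigated or still vulnerable. The function names and the sample directory contents are constructed for illustration. The status prefixes ("Not affected", "Mitigation:", "Vulnerable") are assumed to follow the upstream kernel's format.

```shell
#!/bin/sh
# Summarise the kernel's self-reported CPU vulnerability status.
# check_cpu_vulns [DIR] prints one line per entry and returns:
#   0 = nothing reported as vulnerable
#   1 = at least one entry reports "Vulnerable"
#   2 = interface missing (kernel predates the sysfs listing)
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    if [ ! -d "$dir" ]; then
        echo "no vulnerabilities interface at $dir" >&2
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # skips the literal glob on an empty dir
        name=$(basename "$f")
        status=$(cat "$f")
        case "$status" in
            "Not affected"*) verdict=OK ;;
            "Mitigation:"*)  verdict=MITIGATED ;;
            "Vulnerable"*)   verdict=VULNERABLE; rc=1 ;;
            *)               verdict=UNKNOWN ;;
        esac
        printf '%-12s %-20s %s\n' "$verdict" "$name" "$status"
    done
    return $rc
}

# Builds a constructed sample directory (not real host data) so the check
# can be exercised offline; prints the directory path.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Vulnerable\n' > "$d/spectre_v1"
    printf 'Mitigation: Full generic retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

# Usage on a real host: check_cpu_vulns
# Usage on the sample:  check_cpu_vulns "$(make_sample_dir)"
```

A return code of 2 is itself a finding: the kernel is older than the releases that introduced this interface, so it also lacks the fixes listed alongside it.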