Bug 727608

Summary:	<sys-devel/gcc-{9.4.0,10.3.0,11.1.0}: Straight Line Speculation mitigation for ARMv8 (CVE-2020-13844)
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	minor	CC:	herrtimson
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=646758
Whiteboard:	A4 [glsa? cve]
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	727606

Description Sam James archtester

2020-06-09 01:26:06 UTC

Patches have been submitted by ARM to address the new Straight Line Speculation (SLS) vulnerability.

Using this bug to keep track of the status upstream, and then to determine what we do in Gentoo (like before, bug 646758, but maybe with more success here).

Patch series: https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html

Comment 1 Sam James archtester

2020-06-09 01:27:26 UTC

To be clear, I do not expect toolchain@ to add these patches themselves before they are accepted upstream -- this is just to keep track.

Comment 2 Sam James archtester

2020-07-24 16:25:25 UTC

The fixes are being backported to 9.x and 10.x: https://gcc.gnu.org/pipermail/gcc-patches/2020-July/550369.html.

Comment 3 John Helmert III archtester

2021-11-11 16:41:04 UTC

Looks like the patches made it into 9.4.0 (20da13e395bde597d8337167c712039c8f923c3b), 10.3.0 (50703e93a82df4af69c692d01b980b3b2c0eb53e), and 11.1.0 (a9ba2a9b77bec7eacaf066801f22d1c366a2bc86). Doesn't look like it was backported to 8.x, so I guess we're at [cleanup]?

Comment 4 John Helmert III archtester

2022-07-15 04:14:04 UTC

8.x and 9.x are now masked.

Comment 5 Andreas K. Hüttel archtester

2023-08-24 19:39:36 UTC

All affected versions are gone.