Mitigate Foreshadow aka. L1 Terminal Fault vulnerabilities

Originally created by @cypherpunks on #15796 (Redmine)

A recent and very severe vulnerability has been revealed that allows arbitrary memory reads. The mitigations (both for userspace and hypervisors) were submitted to the Linux kernel in commit 958f338e96f874a0d29442396d6adf9c1e17aa2d. For non-hypervisors, the fix is simple and has no performance impact. It is important that Tails upgrade its kernel to mitigate this nasty vulnerability.

https://foreshadowattack.eu/
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://blog.ubuntu.com/2018/08/14/ubuntu-updates-for-l1-terminal-fault-vulnerabilities

Debian status:

https://security-tracker.debian.org/tracker/CVE-2018-3615 (only affects Intel SGX, which we don’t use)
https://security-tracker.debian.org/tracker/CVE-2018-3620
https://security-tracker.debian.org/tracker/CVE-2018-3646 (only affects virtualization, which we don’t use)

Feature Branch: bugfix/15796-foreshadow+force-all-tests

Related issues

Blocks tails/accounting#15334
Blocks #15852 (closed)
Blocks #15846 (closed)

Edited May 15, 2020 by cypherpunks