diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 913e1dc6df..3ab79b1502 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,743 +1,751 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-22:08.i386"
+date = "2022-02-01"
+
+[[notices]]
+name = "FreeBSD-EN-22:07.la57"
+date = "2022-02-01"
+
[[notices]]
name = "FreeBSD-EN-22:06.libalias"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:05.tail"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:04.pcid"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:03.hyperv"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:02.xsave"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:01.fsck_ffs"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-21:29.tzdata"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:28.vmci"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:27.caroot"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:26.libevent"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:25.bhyve"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:24.libcrypto"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:23.virtio_blk"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:22.linux_futex"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:21.ipfw"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:20.vlan"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:19.libcasper"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:18.libc++"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:17.libradius"
date = "2021-06-01"
[[notices]]
name = "FreeBSD-EN-21:16.bc"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:15.virtio"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:14.pms"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:13.mpt"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:12.divert"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:11.aesni"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:10.lldb"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:09.pf"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:08.freebsd-update"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:07.caroot"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:06.microcode"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:05.libatomic"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:04.zfs"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:03.vnet"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:02.extattr"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:01.tzdata"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-20:22.callout"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:21.ipfw"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:20.tzdata"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:19.audit"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:18.getfsstat"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:17.linuxthread"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:16.vmx"
date = "2020-08-05"
[[notices]]
name = "FreeBSD-EN-20:15.mps"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:14.linuxkpi"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:13.bhyve"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:12.iflib"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:11.ena"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:10.build"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:09.igb"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:08.tzdata"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:07.quotad"
date = "2020-04-21"
[[notices]]
name = "FreeBSD-EN-20:06.ipv6"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:05.mlx5en"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:04.pfctl"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:03.sshd"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:02.nmount"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-20:01.ssp"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-19:19.loader"
date = "2019-11-12"
[[notices]]
name = "FreeBSD-EN-19:18.tzdata"
date = "2019-10-23"
[[notices]]
name = "FreeBSD-EN-19:17.ipfw"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:16.bhyve"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:15.libunwind"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:14.epoch"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:13.mds"
date = "2019-07-24"
[[notices]]
name = "FreeBSD-EN-19:12.tzdata"
date = "2019-07-02"
[[notices]]
name = "FreeBSD-EN-19:11.net"
date = "2019-06-19"
[[notices]]
name = "FreeBSD-EN-19:10.scp"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:09.xinstall"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:08.tzdata"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:07.lle"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:06.dtrace"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:05.kqueue"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:04.tzdata"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:03.sqlite"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:02.tcp"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:01.cc_cubic"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-18:18.zfs"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:17.vm"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:16.ptrace"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:15.loader"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:14.tzdata"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:13.icmp"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:12.mem"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:11.listen"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:10.syscall"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:09.ip"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:08.lazyfpu"
date = "2018-09-12"
[[notices]]
name = "FreeBSD-EN-18:07.pmap"
date = "2018-06-21"
[[notices]]
name = "FreeBSD-EN-18:06.tzdata"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:05.mem"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:04.mem"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:03.tzdata"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:02.file"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-18:01.tzdata"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-17:09.tzdata"
date = "2017-11-02"
[[notices]]
name = "FreeBSD-EN-17:08.pf"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:07.vnet"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:06.hyperv"
date = "2017-07-12"
[[notices]]
name = "FreeBSD-EN-17:05.xen"
date = "2017-04-12"
[[notices]]
name = "FreeBSD-EN-17:04.mandoc"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:03.hyperv"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:02.yp"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:01.pcie"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-16:21.localedef"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:20.tzdata"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:19.tzcode"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:18.loader"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:17.vm"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:16.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:15.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:14.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:13.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:12.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:11.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:10.dhclient"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:09.freebsd-update"
date = "2016-07-25"
[[notices]]
name = "FreeBSD-EN-16:08.zfs"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:07.ipi"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:06.libc"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:05.hv_netvsc"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:04.hyperv"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:03.yplib"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:02.pf"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:01.filemon"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-15:20.vm"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:19.kqueue"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:18.pkg"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:17.libc"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:16.pw"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:15.pkg"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:14.ixgbe"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:13.vidcontrol"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:12.netstat"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:11.toolchain"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:10.iconv"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:09.xlocale"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:08.sendmail"
date = "2015-06-18"
[[notices]]
name = "FreeBSD-EN-15:07.zfs"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:06.file"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:05.ufs"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:04.freebsd-update"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:03.freebsd-update"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:02.openssl"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:01.vt"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-14:13.freebsd-update"
date = "2014-12-23"
[[notices]]
name = "FreeBSD-EN-14:12.zfs"
date = "2014-11-04"
[[notices]]
name = "FreeBSD-EN-14:11.crypt"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:10.tzdata"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:09.jail"
date = "2014-07-08"
[[notices]]
name = "FreeBSD-EN-14:08.heimdal"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:07.pmap"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:06.exec"
date = "2014-06-03"
[[notices]]
name = "FreeBSD-EN-14:05.ciss"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:04.kldxref"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:03.pkg"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:02.mmap"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-14:01.random"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-13:05.freebsd-update"
date = "2013-11-28"
[[notices]]
name = "FreeBSD-EN-13:04.freebsd-update"
date = "2013-10-26"
[[notices]]
name = "FreeBSD-EN-13:03.mfi"
date = "2013-08-22"
[[notices]]
name = "FreeBSD-EN-13:01.fxp"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-13:02.vtnet"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-12:02.ipv6refcount"
date = "2012-06-12"
[[notices]]
name = "FreeBSD-EN-12:01.freebsd-update"
date = "2012-01-04"
[[notices]]
name = "FreeBSD-EN-10:02.sched_ule"
date = "2010-02-27"
[[notices]]
name = "FreeBSD-EN-10:01.freebsd"
date = "2010-01-06"
[[notices]]
name = "FreeBSD-EN-09:05.null"
date = "2009-10-02"
[[notices]]
name = "FreeBSD-EN-09:04.fork"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:03.fxp"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:02.bce"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:01.kenv"
date = "2009-03-23"
[[notices]]
name = "FreeBSD-EN-08:02.tcp"
date = "2008-06-19"
[[notices]]
name = "FreeBSD-EN-08:01.libpthread"
date = "2008-04-17"
[[notices]]
name = "FreeBSD-EN-07:05.freebsd-update"
date = "2007-03-15"
[[notices]]
name = "FreeBSD-EN-07:04.zoneinfo"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:03.rc.d_jail"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:02.net"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:01.nfs"
date = "2007-02-14"
[[notices]]
name = "FreeBSD-EN-06:02.net"
date = "2006-08-28"
[[notices]]
name = "FreeBSD-EN-06:01.jail"
date = "2006-07-07"
[[notices]]
name = "FreeBSD-EN-05:04.nfs"
date = "2005-12-19"
[[notices]]
name = "FreeBSD-EN-05:03.ipi"
date = "2005-01-16"
[[notices]]
name = "FreeBSD-EN-05:02.sk"
date = "2005-01-06"
[[notices]]
name = "FreeBSD-EN-05:01.nfs"
date = "2005-01-05"
[[notices]]
name = "FreeBSD-EN-04:01.twe"
date = "2004-06-28"
diff --git a/website/static/security/advisories/FreeBSD-EN-22:07.la57.asc b/website/static/security/advisories/FreeBSD-EN-22:07.la57.asc
new file mode 100644
index 0000000000..ff43d06c1d
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:07.la57.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:07.la57 Errata Notice
+ The FreeBSD Project
+
+Topic: Intel CPU LA57 boot failure
+
+Category: core
+Module: kernel
+Announced: 2022-02-01
+Affects: FreeBSD 13.0
+Corrected: 2021-05-03 01:27:22 UTC (stable/13, 13.0-STABLE)
+ 2022-02-01 17:43:46 UTC (releng/13.0, 13.0-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+Recent Intel x86-64 CPUs support 5-level paging, extending the size of the
+virtual address space to 57 bits. The extension is enabled by setting a bit
+known as LA57 in a control register, and switching to 5-level paging during
+boot.
+
+II. Problem Description
+
+LA57 support was tested on and is functional within QEMU, but fails on
+physical hardware.
+
+III. Impact
+
+The kernel fails to boot on Intel CPUs that support LA57.
+
+IV. Workaround
+
+LA57 may be disabled by adding the following to /boot/loader.conf:
+
+ vm.pmap.la57=0
+
+This may also be set from the loader prompt (i.e., for initial boot or
+installation).
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+After update LA57 will be disabled by default. 5-level paging will be fully
+supported in a future FreeBSD release.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:07/la57.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:07/la57.patch.asc
+# gpg --verify la57.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile and reinstall your kernel as described in
+.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ df6241fcef9a stable/13-n245478
+releng/13.0/ f151464add6f releng/13.0-n244775
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmH5kzIACgkQ05eS9J6n
+5cJP+Q//be4jFodkfCtiwKwMNr+1RvGZtopWq0X6g5CQCTIrPtUKqdie3ceOhjRi
+zl3vNInfus6iTo0jSBMiWCpj7cI3AekZvwLuDHKp1GWv5WWQivDe6A6sbrGSgIQ2
+9MG7RYE7t0L0LVnzTSlHCWXCzTqmpzTXEePw7NqgPhg7J3NtwYLBh5C4MqmScA6Y
+vbNzWMGIfa9IJqaDcxxEdqqGoTrv/MEWzVZ7TzM4O8DWIm+oK/5E+qiTk1fSyc/Z
+uI6hUMMt7xxP8KkZdlqVODwHzVo6v4kigpNTqNK1epv3nFrL3hJ+e3GhWreV6tkI
+XA9pjZT2gyLz+Ryn7QyIzrByrpXKDQK/8nKu9eoQdhDdxN6sWS65PPQKPhzQOemk
+qFx3V2oK3UMF7Q2BeF8aDxm48RU8weDACcxn2w6X73VyIHvz1H3MpirxPrcwjm1v
+RQJKGUZfnnTfg8zsstVASaj2R2i+Qa0Zk70tbCaXrPH7TB6Cadx6sjBjoLViQYQk
+99glmvpc37u2ryW4MKlDNLeae9LnW7jyDMfpGlN3tJ4AD6y+2EcVixiTqAEF8t27
+hZgi/3MVUNltCfSUoOol9y/aqaTjxPHTR9HSjrmCnJAWHwmyk33lC4/17kd8Qx0U
+bEFufzp/pDwFur7dWJOxVehFHc0/MoOioJHbeN3oNBMQiFdDoRY=
+=efkJ
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-22:08.i386.asc b/website/static/security/advisories/FreeBSD-EN-22:08.i386.asc
new file mode 100644
index 0000000000..07b68e1759
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:08.i386.asc
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:08.i386 Errata Notice
+ The FreeBSD Project
+
+Topic: Regression in i386 TLB invalidation logic
+
+Category: core
+Module: i386
+Announced: 2022-02-01
+Affects: FreeBSD 12.2 and 12.3
+Corrected: 2022-01-25 10:40:16 UTC (stable/12, 12.3-STABLE)
+ 2022-02-01 19:13:44 UTC (releng/12.3, 12.3-RELEASE-p2)
+ 2022-02-01 19:13:24 UTC (releng/12.2, 12.2-RELEASE-p13)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The FreeBSD/i386 port supports running FreeBSD on 32-bit Intel and AMD CPUs.
+
+On the i386 platform, the operating system kernel is responsible for
+invalidating per-CPU TLBs (translation lookaside buffer) when virtual memory
+mappings are updated.
+
+II. Problem Description
+
+The patch which was released as EN-22:04.pcid introduced a regression
+affecting FreeBSD 12.2 and 12.3. This regression introduced a bug in the i386
+platform's TLB invalidation logic.
+
+III. Impact
+
+The regression causes kernel panics under multi-core CPU load.
+
+IV. Workaround
+
+No workaround is available. Single-core systems are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an errata update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:08/i386.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:08/i386.patch.asc
+# gpg --verify i386.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/12/ r371519
+releng/12.3/ r371536
+releng/12.2/ r371534
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmH5kz4ACgkQ05eS9J6n
+5cJVsQ/+KFXts6jb5Nrm2qbZm38x6af3zwiN/v39cz5DumOvIC0OFTiaeaWU91Dc
+bytpGp6KIuOK6pYGIP4NrZW5L0pow3mwV/nxpZLATR4QTCiBydOgKekjaAiU6rxX
+vX/MS2rm6Th6EcBIw1dept1up73qM2FoM8DC+/e9HlCtqyDqfgBLqbMuSymk0fz+
+Lh1Zj9ywS1sY+fn7eeAq7RmlTpuQBnlZEllDhf9paC5JWR4fu23XQeZHUUIuqOkF
+bnPE7hDaXdEvU0zY4b57vzTT7MQx7vCRBdCsk086s2dvInbeqTDEYSk5+R/kqsgR
+5+xijYPGb9D9J0tMaETGQp0vLkDI4xJpkX8AhZ8JBIjxyKxKI/VY+KOwX6CfUmon
+tgUeo8EYkliLBUtq31L7MLMzzCN1mjA05h78uBvDjmm9ATv8IAmKlSNestIzfl4j
+Rw3oYpQU/TsQSxUMnReRth781bORmJdDnEDAvjqGKGOT9VkUJ/3chv13EHJX88/R
+No1DYB3LM4MaGf1c7paB9ahJOnV8Z5bk5j3nqLhys2asEvGcWvuWW722LO/wcREL
+L4GsQmEbUerTeh8Q5RE147ZTYOnGb5eIQi5McPRozdNQBLjJGUOEhWeSBdBbDgch
+8cfYw3UdyNst80puq6t/4Wft4uhvkuNYKiaY9MKNYON/YHrhZ78=
+=TqoX
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-22:07/la57.patch b/website/static/security/patches/EN-22:07/la57.patch
new file mode 100644
index 0000000000..b424d4a185
--- /dev/null
+++ b/website/static/security/patches/EN-22:07/la57.patch
@@ -0,0 +1,12 @@
+--- sys/amd64/amd64/pmap.c.orig
++++ sys/amd64/amd64/pmap.c
+@@ -2015,8 +2015,7 @@
+
+ if ((cpu_stdext_feature2 & CPUID_STDEXT2_LA57) == 0)
+ return;
+- if (!TUNABLE_INT_FETCH("vm.pmap.la57", &la57))
+- la57 = 1;
++ TUNABLE_INT_FETCH("vm.pmap.la57", &la57);
+ if (!la57)
+ return;
+
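Review bot: With the `la57 = 1` fallback removed, the effective default for 5-level paging now comes entirely from the initial value of `la57`, which is declared outside this hunk. The "disabled by default" outcome described in the accompanying notice holds only if that variable starts at zero, so the declaration is worth confirming. A comment above the fetch would make the dependency explicit, for example `/* la57 keeps its initial value unless the vm.pmap.la57 tunable is set. */`. The enclosing function starts and ends outside the hunk.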
diff --git a/website/static/security/patches/EN-22:07/la57.patch.asc b/website/static/security/patches/EN-22:07/la57.patch.asc
new file mode 100644
index 0000000000..3205213623
--- /dev/null
+++ b/website/static/security/patches/EN-22:07/la57.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmH5kz4ACgkQ05eS9J6n
+5cIAEA//VelXkW6LzL+V1KkJnQrJQJj7wXij630Ctz+9OnEFfiqghMy515U34nlD
+VqgigI7trWaQKtfbZ+GNNDycn+BbnKgeZAEWWgKpVqVuAWT6D0cZe086j5KIOVzr
+UbDuLjUIslWCnnl9Ez4mnIHhly1PsSy6m+71DxLjqcME854IxNCIo0dUgY6yl6yJ
+CV/f4zukJz8N9k2ZineX+DMv2XzjByx5s1DnNi65dcCSZ8uAxmujBvR34b+IgBXG
+jjmW/HLAy+IHiE6MTryS3221+z3grNFGK62ud9rXGahP1oLMym/P33hqftJOKZKH
+4odDXNOtVYzy6J7uTHp5UGitGUYq1uBAIGEL2wPvRMWPkLHMJ6yBdj5Ob8zB8azk
+G775W8/T8SaO7dPsfo3h4yf82xumvz6ft+amDjSycfJhGWg8feTqCi2+6JgNUBFf
+7fSkMCDKZsd64cqOoVizjdC94Ksxn9VWIE41hV6oL0DCjM/DON+R/Wqg5VGHlLEP
+50t+oH8ak07TE0QcITj/osHUVTxF5PFDdsPgPiYkXKgNGfHxXIkgttJyJtoZaUB8
+y3Aq3mZ9EyczOiWG+53EBRpxyO0SODQdP++oHNHyy9qA50fR4t2f1yMAmaEgSQ2c
+HswDlbJQbwRU+B1ZnG9XtE/TmZqBeKEGhROai4Dqrx00zI3yFok=
+=2dQo
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-22:08/i386.patch b/website/static/security/patches/EN-22:08/i386.patch
new file mode 100644
index 0000000000..50b87c3883
--- /dev/null
+++ b/website/static/security/patches/EN-22:08/i386.patch
@@ -0,0 +1,13 @@
+--- sys/x86/x86/mp_x86.c.orig
++++ sys/x86/x86/mp_x86.c
+@@ -1678,6 +1678,10 @@
+ uint32_t generation;
+ int cpu;
+
++#ifdef __i386__
++ sched_pin();
++#endif
++
+ /*
+ * It is not necessary to signal other CPUs while booting or
+ * when in the debugger.
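Review bot: The added `sched_pin()` has no matching `sched_unpin()` in the visible lines, and the comment right after it describes a case where signalling other CPUs is skipped, which suggests an early exit path. Every way out of the function has to release the pin on i386, otherwise the thread stays pinned to its CPU. This cannot be checked from here, because the function body continues outside the hunk. A one-line comment above `#ifdef __i386__`, saying why only i386 pins at this point and where the matching unpin happens, would let the next reader verify the pairing.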
diff --git a/website/static/security/patches/EN-22:08/i386.patch.asc b/website/static/security/patches/EN-22:08/i386.patch.asc
new file mode 100644
index 0000000000..2e9efa75c0
--- /dev/null
+++ b/website/static/security/patches/EN-22:08/i386.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmH5kz8ACgkQ05eS9J6n
+5cKd5RAAmFeOe672hitRtQ59uiSm7kYgp4Mh3fRv5XRQzx43LNb27/6/E925ZA4t
+G8i+jA2xRPhyfrvzV3MvCsDN8+9+/lsLABkY2AQj2fQJG+VTGz2QAf2hOxc7dFMs
+99Rhf7aupwMgAAknWk/ZsG2RAIYNGq1n5f4zHSQCIx95edosJ/hP4dqy25+xgCa6
+SXXV8ePacoaNXZP6Z66OgJvTaT0n6ONfEudvkPX6sVUvj/iUbzleIDGoangU6mIn
+qm+RB4OXcP2qv02XC+MquQoNmGSh/IrrYHl84EmSqhenoUR4tWkK8pB0NeQGSThM
+YqbCJ7YKl0UPqEax3kJrA5X/fppdppx5KpEuw0fEVudpofkoeNxM6Ww+Ub32EP+L
+hIDAPibkf8QbZmVu1YYEiCFLbP7pnTW+Xsv/fsYhJv8gtc3p4gwbPcO2MUn9Ltae
+bRFjqiUP1OI+8I/cruonrfugWIZSJgq3mR6A8qACtmsQ7GAsrdWhjL7gkkYWTj3P
+xUiQeshVgnQ4J8WYABNAaeTod1hVh/nwRsBfrIEQq4OXFoRbyb296gSb06QhjPoq
+6HxwEseTZws+9pFTCe+NCvCPL7V/Vk61ppoDdWU8YvzGP3jPu31YAXyz8pbkxQE0
+EGXTp+HwyP0wCuBnlHS3ixA32SIUdyOGKGS+nbeP2amKJ0w7OXU=
+=Svjy
+-----END PGP SIGNATURE-----