This vulnerability  got released in the news the other day:
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream “x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()” commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
TL;DR all Linux kernel (longterm)stable versions were vulnerable to Spectre v1 up till… well, current git? Cause I still don’t see Linux kernel 5.2.12 released, to name an example.
I’m not entirely sure at which date the vulnerability got reintroduced.
Whether this applies to FP1/FP2 I do not know. I know that FP2 runs Linux kernel 3.16 (on LOS 16, and supposedly also other OSes use this kernel cause of blobs) which isn’t mentioned as affected.
While I assume they backported the Meltdown and Spectre fixes, including this bug, it has to be carefully verified.
Has anyone tried such? Where can I browse the source used?