[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add note on CVE-2017-5715 for qemu
Salvatore Bonaccorso
carnil at debian.org
Sun Jan 7 12:24:13 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13653c17 by Salvatore Bonaccorso at 2018-01-07T13:22:23+01:00
Add note on CVE-2017-5715 for qemu
Add a note on Qemu update. To protect from CVE-2017-5715 one would need
to have an 1/ intel / amd cpu microcode update, 2/ a qemu update to pass
new MSR and CPU flags from the microcode update 3/ host kernel update.
Refer to the relevant part for Qemu:
https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg00811.html
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -47861,7 +47861,10 @@ CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and
NOTE: intel-microcode: https://bugs.debian.org/886367
NOTE: intel-microcode: Some microcode updates to partially adress CVE-2017-5715 included in 3.20171215.1
NOTE: amd64-microcode: https://bugs.debian.org/886382
- TODO: check, qemu/qemu-kvm and intel-microcode and amd64-microcode need as well to be tracked
+ NOTE: Qemu patches: https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg00811.html
+ NOTE: to pass thorugh new MSR and CPUID flags from the host VM to the CPU, to
+ NOTE: allow (future) enabling/disabling ranch prediction features in the Intel
+ NOTE: CPU.
CVE-2017-5714
RESERVED
CVE-2017-5713
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13653c173cff24791b40eeec91d8a9da17215201
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/13653c173cff24791b40eeec91d8a9da17215201
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180107/1275a7bf/attachment.html>
More information about the Secure-testing-commits
mailing list