[Git][security-tracker-team/security-tracker][master] Add libvirt tracking for MDS vulnerabilities as well
Salvatore Bonaccorso
carnil at debian.org
Sat May 18 10:11:50 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e4ee6890 by Salvatore Bonaccorso at 2019-05-18T09:09:40Z
Add libvirt tracking for MDS vulnerabilities as well
It's not directly an issue in libvirt, but to protect VM users as well
when the microcode provides the mechanism to invoke a flush of various
exploitable CPU buffers by invoking the VERW instruction, libvirt needs
to define the md-clear CPUID bit as well for quests.
Track respective libvirt fixes as well under the CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 ids.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2484,9 +2484,12 @@ CVE-2019-11091 [MDSUM Microarchitectural Data Sampling Uncacheable Memory]
- linux 4.19.37-2
- xen <unfixed>
- qemu <unfixed> (bug #929067)
+ - libvirt <unfixed>
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
+ NOTE: libvirt support for md-clear CPUID bit:
+ NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
CVE-2019-11090
RESERVED
CVE-2019-11089
@@ -51384,9 +51387,12 @@ CVE-2018-12130 [MFBDS Microarchitectural Fill Buffer Data Sampling]
- linux 4.19.37-2
- xen <unfixed>
- qemu <unfixed> (bug #929067)
+ - libvirt <unfixed>
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
+ NOTE: libvirt support for md-clear CPUID bit:
+ NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
CVE-2018-12129
RESERVED
CVE-2018-12128
@@ -51398,9 +51404,12 @@ CVE-2018-12127 [MLPDS Microarchitectural Load Port Data Sampling]
- linux 4.19.37-2
- xen <unfixed>
- qemu <unfixed> (bug #929067)
+ - libvirt <unfixed>
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
+ NOTE: libvirt support for md-clear CPUID bit:
+ NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
CVE-2018-12126 [MSBDS Microarchitectural Store Buffer Data Sampling]
RESERVED
{DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
@@ -51408,9 +51417,12 @@ CVE-2018-12126 [MSBDS Microarchitectural Store Buffer Data Sampling]
- linux 4.19.37-2
- xen <unfixed>
- qemu <unfixed> (bug #929067)
+ - libvirt <unfixed>
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
+ NOTE: libvirt support for md-clear CPUID bit:
+ NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
CVE-2018-12125
RESERVED
CVE-2018-12124
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e4ee6890d5ba03abef442d690320c1812537565e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e4ee6890d5ba03abef442d690320c1812537565e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190518/6fe90532/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list