[Pkg-libvirt-maintainers] Bug#929154: libvirt: cpu_map: Define md-clear CPUID bit (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
Salvatore Bonaccorso
carnil at debian.org
Sat May 18 10:15:22 BST 2019
Source: libvirt
Version: 5.0.0-2
Severity: grave
Tags: security upstream
Control: found -1 3.0.0-4+deb9u3
Control: found -1 3.0.0-4
Hi
libvirt need to define md-clear CPUID bit for the MDS vulnerabilites.
There is
https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
> cpu_map: Define md-clear CPUID bit
>
> CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
>
> The bit is set when microcode provides the mechanism to invoke a flush
> of various exploitable CPU buffers by invoking the VERW instruction.
The issues are not really in libvirt itself, but to protect VM users
libvirt would need as well an update.
Regards,
Salvatore
More information about the Pkg-libvirt-maintainers
mailing list