retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4928 e094ebfe-e918-0410-adfb-c712417f3574
author: Moritz Muehlenhoff <jmm@debian.org> 2017-02-15 15:00:39 +0000
committer: Moritz Muehlenhoff <jmm@debian.org> 2017-02-15 15:00:39 +0000
commit: ee22a505b978b53bd6b02780e127082697601069 (patch)
tree: c3c2d5547edd3e8dd753cea490af70d2aa8ffc9f /retired/CVE-2014-9870
parent: 1de4ab06c8a01af4fec9e658b58018d055f85037 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/retired/CVE-2014-9870 b/retired/CVE-2014-9870
new file mode 100644
index 00000000..1a9bbfb8
--- /dev/null
+++ b/retired/CVE-2014-9870
@@ -0,0 +1,18 @@
+Description: 
+References:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9870
+ http://source.android.com/security/bulletin/2016-08-01.html
+ https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=4f57652fcd2dce7741f1ac6dc0417e2f265cd1de
+Notes:
+ bwh> I can't see how this is a security issue.  There was an earlier issue
+ bwh> that TPIDRURW leaked between tasks, but that was fixed by commit
+ bwh> 6a1c53124aa1 "ARM: 7403/1: tls: remove covert channel via TPIDRURW"
+ bwh> in 3.4-rc1 and 3.2.17.  Possibly the security impact is specific to
+ bwh> the way Qualcomm was (ab)using TPIDRURW?
+Bugs:
+upstream: released (3.11-rc1) [a4780adeefd042482f624f5e0d577bf9cdcbb760]
+3.16-upstream-stable: N/A
+3.2-upstream-stable: ignored "appears to be specific to Qualcomm Android"
+sid: released (3.11.5-1)
+3.16-jessie-security: N/A
+3.2-wheezy-security: ignored "appears to be specific to Qualcomm Android"
author	Moritz Muehlenhoff <jmm@debian.org>	2017-02-15 15:00:39 +0000
committer	Moritz Muehlenhoff <jmm@debian.org>	2017-02-15 15:00:39 +0000
commit	ee22a505b978b53bd6b02780e127082697601069 (patch)
tree	c3c2d5547edd3e8dd753cea490af70d2aa8ffc9f /retired/CVE-2014-9870
parent	1de4ab06c8a01af4fec9e658b58018d055f85037 (diff)