Retire CVE-2018-3665

1 files changed, 24 insertions, 0 deletions

diff --git a/retired/CVE-2018-3665 b/retired/CVE-2018-3665
new file mode 100644
index 00000000..f57fffa2
--- /dev/null
+++ b/retired/CVE-2018-3665
@@ -0,0 +1,24 @@
+Description: speculative register leakage from lazy FPU context switching
+References:
+ https://xenbits.xen.org/xsa/advisory-267.html
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
+Notes:
+ carnil> Since 58122bf1d856a4ea9581d62a07c557d997d46a19 (4.6-rc1)
+ carnil> "x86/fpu: Default eagerfpu=on on all CPUs" and then since
+ carnil> ca6938a1cd8a1c5e861a99b67f84ac166fc2b9e7 (4.10-rc1) "x86/fpu:
+ carnil> Hard-disable lazy FPU mode".
+ carnil> Might be still sensible to apply the patch for 4.9-upstream-stable
+ carnil> x86-fpu-hard-disable-lazy-fpu-mode.patch for stretch.
+ bwh> Several more fixes were needed to make eagerfpu work on CPUs
+ bwh> without an FPU or FXSR, and they aren't practical to backport
+ bwh> to 3.16.  I've prepared a fix that enables eagerfpu by default
+ bwh> if FPU and FXSR are available.  This leaves the PPro and K6
+ bwh> family vulnerable since they do speculative execution but don't
+ bwh> implement FXSR.
+Bugs:
+upstream: released (4.6-rc1) [58122bf1d856a4ea9581d62a07c557d997d46a19]
+4.9-upstream-stable: N/A "Fixed before branching point"
+3.16-upstream-stable: released (3.16.58) [d4f06dfa574db2af1de3ade75fb04240a94f19dc]
+sid: released (4.6.1-1)
+4.9-stretch-security: N/A "Fixed before branching point"
+3.16-jessie-security: released (3.16.57-1) [bugfix/x86/x86-fpu-default-eagerfpu-if-fpu-and-fxsr-are-enabled.patch]