Retire CVE-2019-19338

1 files changed, 17 insertions, 0 deletions

diff --git a/retired/CVE-2019-19338 b/retired/CVE-2019-19338
new file mode 100644
index 00000000..3a740e22
--- /dev/null
+++ b/retired/CVE-2019-19338
@@ -0,0 +1,17 @@
+Description: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1781514
+ https://www.openwall.com/lists/oss-security/2019/12/10/3
+Notes:
+ carnil> Issue actually only for distro kernels which do not include
+ carnil> commit commit e1d38b63acd8 ("kvm/x86: Export MDS_NO=0 to guests
+ carnil> when TSX is enabled") and have TSX enabled by default.
+Bugs:
+upstream: released (5.5-rc1) [cbbaa2727aa3ae9e0a844803da7cef7fd3b94f2b, c11f83e0626bdc2b6c550fc8b9b6eeefbd8cefaa, b07a5c53d42a8c87b208614129e947dd2338ff9c]
+4.19-upstream-stable: ignored "Commits might be backported, but vulnerability specific to distro kernels"
+4.9-upstream-stable: ignored "Commits might be backported, but vulnerability specific to distro kernels"
+3.16-upstream-stable: ignored "Commits might be backported, but vulnerability specific to distro kernels"
+sid: N/A "Vulnerability due to incomplete fix not introduced"
+4.19-buster-security: N/A "Vulnerability due to incomplete fix not introduced"
+4.9-stretch-security: N/A "Vulnerability due to incomplete fix not introduced"
+3.16-jessie-security: N/A "Vulnerability due to incomplete fix not introduced"