Reitre some CVEs

author: Salvatore Bonaccorso <carnil@debian.org> 2019-12-17 21:27:23 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2019-12-17 21:27:23 +0100
commit: fb85f53d5711e33daa12abd7f6544d9b7e5b33ae (patch)
tree: 8fef188916c60717a6e09523c464be7f51e14142 /retired/CVE-2019-19602
parent: 0a319dad7797fe9fc4d5a5f97823c9c005c19c37 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/retired/CVE-2019-19602 b/retired/CVE-2019-19602
new file mode 100644
index 00000000..ca01ac98
--- /dev/null
+++ b/retired/CVE-2019-19602
@@ -0,0 +1,16 @@
+Description: x86/fpu: Don't cache access to fpu_fpregs_owner_ctx
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=205663
+ https://github.com/golang/go/issues/35777#issuecomment-561935388
+Notes:
+ carnil> Introduced in 5f409e20b7945 ("x86/fpu: Defer FPU state load
+ carnil> until return to userspace") which is 5.2-rc1.
+Bugs:
+upstream: released (5.5-rc1) [59c4bd853abcea95eccc167a7d7fd5f1a5f47b98]
+4.19-upstream-stable: N/A "Vulnerable code introduced later"
+4.9-upstream-stable: N/A "Vulnerable code introduced later"
+3.16-upstream-stable: N/A "Vulnerable code introduced later"
+sid: released (5.3.15-1)
+4.19-buster-security: N/A "Vulnerable code introduced later"
+4.9-stretch-security: N/A "Vulnerable code introduced later"
+3.16-jessie-security: N/A "Vulnerable code introduced later"
author	Salvatore Bonaccorso <carnil@debian.org>	2019-12-17 21:27:23 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2019-12-17 21:27:23 +0100
commit	fb85f53d5711e33daa12abd7f6544d9b7e5b33ae (patch)
tree	8fef188916c60717a6e09523c464be7f51e14142 /retired/CVE-2019-19602
parent	0a319dad7797fe9fc4d5a5f97823c9c005c19c37 (diff)