From de8ca9412c6bd61b168112a7d99cc4cea7470091 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 17 Oct 2020 08:44:07 +0200
Subject: Update status for CVE-2020-27152

---
 active/CVE-2020-27152 | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/active/CVE-2020-27152 b/active/CVE-2020-27152
index 7bb5daa5..b9e11a41 100644
--- a/active/CVE-2020-27152
+++ b/active/CVE-2020-27152
@@ -3,10 +3,15 @@ References:
  https://bugzilla.redhat.com/show_bug.cgi?id=1888886
  https://bugzilla.kernel.org/show_bug.cgi?id=208767
 Notes:
+ carnil> ioapic_lazy_update_eoi() was introduced in f458d039db7e ("kvm:
+ carnil> ioapic: Lazy update IOAPIC EOI") in 5.6-rc1 (and not
+ carnil> backported).
+ carnil> The issue is not fixed by 8be8f932e3db ("kvm: ioapic: Restrict
+ carnil> lazy EOI update to edge-triggered interrupts").
 Bugs:
-upstream:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-4.19-buster-security:
-4.9-stretch-security:
+upstream: needed
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3