From 08e581f4594ed7eb4ad77bff31321c6b33097749 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 30 May 2016 05:08:50 +0000
Subject: Retire CVE-2016-4440

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@4422 e094ebfe-e918-0410-adfb-c712417f3574
---
 retired/CVE-2016-4440 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 retired/CVE-2016-4440

(limited to 'retired/CVE-2016-4440')

diff --git a/retired/CVE-2016-4440 b/retired/CVE-2016-4440
new file mode 100644
index 00000000..3f80bced
--- /dev/null
+++ b/retired/CVE-2016-4440
@@ -0,0 +1,16 @@
+Description: kvm: vmx: incorrect state update leading to MSR access
+References:
+ http://permalink.gmane.org/gmane.comp.emulators.kvm.devel/152191
+ http://comments.gmane.org/gmane.comp.emulators.kvm.devel/152100
+Notes:
+ bwh> Based on the discussion, this appears to have been introduced in 4.5 by
+ bwh> commits d62caabb41f33d96333f9ef15e09cd26e1c12760 and
+ bwh> 5c919412fe61c35947816fdbd5f7bd09fe0dd073
+Bugs:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1337806
+upstream: released (4.7-rc1) [3ce424e45411cf5a13105e0386b6ecf6eeb4f66f]
+3.16-upstream-stable: N/A "Vulnerable code not present"
+3.2-upstream-stable: N/A "Vulnerable code not present"
+sid: released (4.5.5-1) [bugfix/x86/kvm-vmx-more-complete-state-update-on-apicv-on-off.patch]
+3.16-jessie-security: N/A "Vulnerable code not present"
+3.2-wheezy-security: N/A "Vulnerable code not present"
-- 
cgit v1.2.3