summaryrefslogtreecommitdiffstats
path: root/retired/CVE-2017-5715
blob: 4d7687abe045e08a2abe21f1ff5f90d3e16ab094 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

Description: Branch target injection
References:
 https://spectreattack.com/
 https://lkml.org/lkml/2018/1/4/955
Notes:
 carnil> partial mitigations via 0cb5b30698fdc8f6b4646012e3acb4ddce430788
 carnil> "kvm: vmx: Scrub hardware GPRs at VM-exit" in 4.15-rc7
 carnil> Initial support for mitigation work for Spectre variant 2
 carnil> (indirect branch speculation) vulnerability included in
 carnil> 4.15-rc8, 4.14.14-rc1, 4.9.77-rc1.
 carnil> Mark the entries which included initial retpoline support
 carnil> to mitigate Spectre v2 as the 'fixed' ones. Still work on
 carnil> microcode and/or gcc is needed to be effective.
 carnil> Unclear if we should as well mark it as pending for the
 carnil> Debian branches, so not yet added a marking for the sid
 carnil> branch accordingly.
 carnil> 4.14.17-1 upload enforces a dependency on the used compiler
 carnil> with retpoline support.
 carnil> 4.9.82-1+deb9u1 upload enforces a dependency on the used
 carnil> compiler with retpoline support.
 bwh> The list of upstream commits and the status below are for x86 only.
 bwh> For arm64, we would probably need: be04a6d1126b02c6a28741155b899d648739fc5b, 0f15adbb2861ce6f75ccfc5a92b19eae0ef327d0, f3d795d9b360523beca6d13ba64c2c532f601149
 bwh> For s390x, we would probably need: d768bd892fc8f066cd3aa000eb1867bcf32db0ee, f19fbd5ed642dc31c809596412dab1ed56f2f156
 bwh> 3.2.101 and 3.16.56 stable updates included retpoline support.
 bwh> Microcode-based support is pending for 3.16 but I won't try
 bwh> backporting it to 3.2.
Bugs:
upstream: released (4.16-rc4) [99c6fa2511d8a683e61468be91b83f85452115fa, 87590ce6e373d1a5401f6539f0c59ef92dd924a9, 61dc0f555b5c761cdafb0ba5bd41ecf22d68a4c4, e4d0e84e490790798691aaa0f2e598637f1867ec, 39b735332cb8b33a27c28592d969e4016c86c3ea, 258c76059cece01bebae098e81bacb1af2edad17, 76b043848fd22dbf7f8bf3a1452f8c70d557b860, da285121560e769cc31797bba6422eea71d473e0, 9697fa39efd3fc3692f2949d4045f393ec58450b, 2641f08bb7fc63a636a2b18173221d7040a3512e, 9351803bd803cdbeb9b5a7850b7b6f464806e3db, e70e5892b28c18f517f29ab6e83bd57705104b31, ea08816d5b185ab3d09e95e393f265af54560350, 5096732f6f695001fa2d6f1335a2680b37912c69, 7614e913db1f40fff819b36216484dc3808995d4, 117cc7a908c83697b0b737d15ae1eb5943afe35b, b8b9ce4b5aec8de9e23cabb0a26b78641f9ab1d6, c995efd5a740d9cbafbf58bde4973e8b50b4d761, 28d437d550e1e39f805d99f9f8ac399c778827b7, 6f41c34d69eb005e7848716bbcafc979b35037d5, 736e80a4213e9bbce40a7c050337047128b472ac, 3f7d875566d8e79c5e0b2c9a413e91b2c29e0854, 1a29b5b7f347a1a9230c1e0af5b37e3e571588ab, c940a3fb1e2e9b7d03228ab28f375fb5a47ff699, caf7501a1b4ec964190f31f9c3f163de252273b8, 95ca0ee8636059ea2800dfbac9ecac6212d6b38f, fc67dd70adb711a45d2ef34e12d1a8be75edde61, 5d10cbc91d9eb5537998b65608441b592eec65e7, 1e340c60d0dd3ae07b5bedc16a0469c14b9f3410, a5b2966364538a0e68c9fa29bc0a3a1651799035, 20ffa1caecca4db8f79fe665acdeaa5af815a24d, 7a32fc51ca938e67974cbb9db31e1a43f98345a9, 55fa19d3e51f33d9cd4056d25836d93abf9438db, de3a0021a60635de96aa92713c1a31a96747d72c, f21f165ef922c2146cc5bdc620f542953c41714b, e383095c7fe8d218e00ec0f83e4b95ed4e627b02, 2961298efe1ea1b6fc0d7ee8b76018fa6c0bcef2, a845c7cf4b4cb5e9e3b2823867892b27646f3a98, 17bc33914bcc98ba3c6b426fd1c49587a25c0597, 9471eee9186a46893726e22ebb54cade3f9bc043, e698dcdfcda41efd0984de539767b4cddd235f1e, 7fcae1118f5fd44a862aa5c3525248e35ee67c3b, 18bf3c3ea8ece8f03b6fc58508f2dfd23c7711c7, 12c69f1e94c89d40696e83804dd2f0965b5250cd, 904e14fb7cb96401a7dc803ca2863fd5ba32ffe6, 9005c6834c0ffdfe46afa76656bd9276cca864f6, af189c95a371b59f493dbe0f50c0a09724868881, 15d45071523d89b3fb7372e2135fbd72f6af9506, d28b387fb74da95d69d2615732f50cceb38e9a4d, 1751342095f0d2b36fa8114d8e12c5688c455ac4, d37fc6d360a404b208547ba112e7dabb6533c7fc, ea00f301285ea2f07393678cd2b6057878320c9d, 9de29eac8d2189424d81c0d840cd0469aa3d41c8, dd84441a797150dcc49298ec95c459a8891d8bb1, d72f4e29e6d84b7ec02ae93088aa459ac70e733b, a493a87f38cfa48caaa95c9347be2d914c6fdf29, ecb586bd29c99fb4de599dec388658e74388daad]
4.9-upstream-stable: released (4.9.88)
3.16-upstream-stable: released (3.16.57) [x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch, x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch, x86-msr-add-definitions-for-new-speculation-control-msrs.patch, x86-cpufeature-blacklist-spec_ctrl-pred_cmd-on-early-spectre-v2-microcodes.patch, x86-speculation-add-basic-ibpb-indirect-branch-prediction-barrier-support.patch, kvm-nvmx-eliminate-vmcs02-pool.patch, kvm-vmx-introduce-alloc_loaded_vmcs.patch, x86-cpufeatures-clean-up-spectre-v2-related-cpuid-flags.patch, x86-cpuid-fix-up-virtual-ibrs-ibpb-stibp-feature-bits-on-intel.patch, x86-speculation-use-indirect-branch-prediction-barrier-in-context-switch.patch, kvm-vmx-make-msr-bitmaps-per-vcpu.patch, kvm-x86-add-ibpb-support.patch, kvm-vmx-allow-direct-access-to-msr_ia32_spec_ctrl.patch, x86-speculation-update-speculation-control-microcode-blacklist.patch, x86-speculation-correct-speculation-control-microcode-blacklist-again.patch, x86-speculation-use-ibrs-if-available-before-calling-into-firmware.patch, x86-speculation-move-firmware_restrict_branch_speculation_-from-c-to-cpp.patch, kvm-x86-remove-indirect-msr-op-calls-from-spec_ctrl.patch]
3.2-upstream-stable: released (3.2.101)
sid: released (4.15.11-1)
4.9-stretch-security: released (4.9.88-1)
3.16-jessie-security: released (3.16.57-1)
3.2-wheezy-security: released (3.2.101-1)

© 2014-2024 Faster IT GmbH | imprint | privacy policy