Description: XSA-274: Uninitialized state in PV syscall return path
References:
https://xenbits.xen.org/xsa/advisory-274.html
Notes:
carnil> Fixes 3ac6d8c787b8 ("x86/entry/64: Clear registers for
carnil> exceptions/interrupts, to reduce speculation attack surface")
carnil> which was cc'ed to stable@vger.kernel.org.
carnil> Seems to have been applied to 4.14+
carnil> But according to Andy Lutomirski malicious userspace could
carnil> possibly use the respective fixed bug to crash the kernel
carnil> even without the offending patch (3ac6d8c787b8) applied.
Bugs:
upstream: released (4.18-rc8) [b3681dd548d06deb2e1573890829dff4b15abf46]
4.9-upstream-stable: released (4.9.124) [987156381c5f875d75ef1f7cc29994d82f646dad]
3.16-upstream-stable: released (3.16.58) [x86-entry-64-remove-ebx-handling-from-error_entry-exit.patch]
sid: released (4.17.14-1)
4.9-stretch-security: released (4.9.110-3+deb9u5) [bugfix/x86/x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch]
3.16-jessie-security: released (3.16.59-1)