blob: 516fd93e80258cc266d5ca5bfac5b5af46739174 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Description: speculative bounds check bypass store (Spectre v1.1)
References:
https://01.org/security/advisories/intel-oss-10002
https://access.redhat.com/solutions/3523601
https://bugzilla.redhat.com/show_bug.cgi?id=1581650
https://people.csail.mit.edu/vlk/spectre11.pdf
Notes:
carnil> 3b78ce4a34b761c7fe13520de822984019ff1a8f (4.17-rc7) merges
carnil> the speculative store buffer bypass fixes (for x86 side).
bwh> The above merge only addresses only SSB (CVE-2018-3639).
bwh> This issue (CVE-2018-3693) is closely related to Spectre v1
bwh> (CVE-2017-5753) and is being mitigated in a similar way, using
bwh> array_index_nospec(). The same as with Spectre v1, this will
bwh> be an ongoing process.
carnil> As it is closely related enough to CVE-2017-5753 marked
carnil> the CVE as fixed with the same versions. This is not fully
carnil> correct, but the whole process was an ongoing task from the
carnil> kernel community with several followup fixes.
Bugs:
upstream: released (4.16-rc4)
5.10-upstream-stable: N/A "Fixed before branching point"
4.19-upstream-stable: N/A "Fixed before branching point"
4.9-upstream-stable: released (4.9.88)
3.16-upstream-stable: ignored "EOL"
sid: released (4.15.11-1)
4.19-buster-security: N/A "Fixed before branching point"
4.9-stretch-security: released (4.9.88-1)
3.16-jessie-security: ignored "EOL"
|
