Bug 663744 - kernel: Foreshadow aka L1 Terminal Fault (L1TF) (CVE-2018-{3615,3620,3646})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Kernel Security
URL:
Whiteboard: A2 [noglsa cve]
Keywords:
Depends on:
Blocks: CVE-2018-13405 CVE-2018-3615, CVE-2018-3620, CVE-2018-3646, L1TF
Reported: 2018-08-16 00:23 UTC by Alice Ferrazzi
Modified: 2019-08-17 15:46 UTC

See Also:
Package list:
sys-kernel/gentoo-sources-4.14.65 sys-kernel/gentoo-sources-4.9.122 sys-kernel/gentoo-sources-4.4.150
Runtime testing required: ---


Description Alice Ferrazzi Gentoo Infrastructure gentoo-dev 2018-08-16 00:23:58 UTC
cve-2018-3646 (https://access.redhat.com/security/cve/cve-2018-3646):
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.

Reproducible: Always
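A check an administrator would want after moving to one of the patched gentoo-sources versions listed in this bug: kernels carrying the L1TF patches report the mitigation state in /sys/devices/system/cpu/vulnerabilities/l1tf. The script below is an added example, not part of this bug report or of the Gentoo kernel patches. It reads that file when present and classifies the status line; the status strings are assumed to follow the format in the kernel's Documentation/admin-guide/hw-vuln/l1tf.rst, and the sample values named in the comments are constructed for illustration.

```shell
# Added example: classify the L1TF mitigation state a patched kernel reports.
# The sysfs path is the kernel's standard interface for this; the status line
# format is assumed to follow Documentation/admin-guide/hw-vuln/l1tf.rst.
L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# l1tf_classify "<status line>" prints one of:
#   not-affected  CPU does not have the L1TF bug
#   vulnerable    kernel reports no mitigation at all (too old, or mitigation off)
#   vmx-exposed   PTE inversion protects the host, but the hypervisor does not
#                 flush L1D on VM entry, so a guest can read host memory
#   smt-exposed   L1D flushing is active, but hyperthreading is still on, so a
#                 malicious guest on one thread can observe L1D contents that
#                 its sibling thread populated
#   mitigated     PTE inversion active, no VMX or SMT exposure reported
#   unknown       unrecognised text (file missing or format changed)
# Constructed sample inputs (matching the documented format):
#   "Not affected"
#   "Vulnerable"
#   "Mitigation: PTE Inversion"
#   "Mitigation: PTE Inversion; VMX: vulnerable"
#   "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
#   "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled"
l1tf_classify() {
    case "$1" in
        "Not affected")                   echo not-affected ;;
        Vulnerable*)                      echo vulnerable ;;
        Mitigation:*"VMX: vulnerable"*)   echo vmx-exposed ;;
        Mitigation:*"SMT vulnerable"*)    echo smt-exposed ;;
        Mitigation:*)                     echo mitigated ;;
        *)                                echo unknown ;;
    esac
}

# l1tf_read_status prints the live status line, or "missing" when the running
# kernel predates the L1TF patches (no sysfs entry) or sysfs is not mounted.
l1tf_read_status() {
    if [ -r "$L1TF_SYSFS" ]; then
        cat "$L1TF_SYSFS"
    else
        echo missing
    fi
}

# l1tf_is_acceptable VERDICT returns 0 only for verdicts that need no action;
# anything else means the host or its guests still need attention.
l1tf_is_acceptable() {
    case "$1" in
        not-affected|mitigated) return 0 ;;
        *)                      return 1 ;;
    esac
}

status=$(l1tf_read_status)
verdict=$(l1tf_classify "$status")
printf 'L1TF status: %s\nverdict: %s\n' "$status" "$verdict"
```

On a hypervisor host the two "exposed" verdicts are the ones to act on: "vmx-exposed" means the L1D flush on VM entry is off, and "smt-exposed" means the flush is on but sibling hyperthreads are still shared, which the kernel documentation covers under its SMT control options.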
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-16 01:15:12 UTC
amd64 & x86 stable
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-19 15:00:42 UTC
Bumping because recent kernels got another important patch for L1TF...
Comment 3 Larry the Git Cow gentoo-dev 2018-08-20 23:40:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e74c1453a18c20a8b8018b20a28cb4924440a08c

commit e74c1453a18c20a8b8018b20a28cb4924440a08c
Author:     kuzetsa <kuzetsa@gmail.com>
AuthorDate: 2018-08-16 23:51:13 +0000
Commit:     Göktürk Yüksek <gokturk@gentoo.org>
CommitDate: 2018-08-20 23:37:11 +0000

    sys-kernel/ck-sources: genpatches-4.14-69
    
    Bug: https://bugs.gentoo.org/663656
    Bug: https://bugs.gentoo.org/663744
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-kernel/ck-sources/Manifest                  |  4 ++
 sys-kernel/ck-sources/ck-sources-4.14.63.ebuild | 64 +++++++++++++++++++++++++
 2 files changed, 68 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f4ed7e4177dd3833429379205e3ffed37c8d2c6

commit 0f4ed7e4177dd3833429379205e3ffed37c8d2c6
Author:     kuzetsa <kuzetsa@gmail.com>
AuthorDate: 2018-08-16 23:49:00 +0000
Commit:     Göktürk Yüksek <gokturk@gentoo.org>
CommitDate: 2018-08-20 23:37:07 +0000

    sys-kernel/ck-sources: genpatches-4.9-124
    
    Bug: https://bugs.gentoo.org/663656
    Bug: https://bugs.gentoo.org/663744
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-kernel/ck-sources/Manifest                  |  3 ++
 sys-kernel/ck-sources/ck-sources-4.9.120.ebuild | 59 +++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2018-08-27 20:59:28 UTC
ia64 stable
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2018-09-14 07:33:51 UTC
Stable on alpha.
Comment 6 Matt Turner gentoo-dev 2018-09-18 01:55:17 UTC
ppc/ppc64 stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-09-22 11:41:26 UTC
hppa stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-25 10:17:45 UTC
arm stable
Comment 9 Rolf Eike Beer archtester 2019-01-02 09:44:48 UTC
sparc has 4.9.140 and 4.14.83 stable, and no 4.4.x version, so this should be fine.