Summary: | Speculative Store Bypass (Spectre v4) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | hydrapolic, kernel, kfm, virtualization, xen |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://xenbits.xen.org/xsa/advisory-263.txt | | |
Whiteboard: | B3 [noglsa cve] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 664052, 664054, 664062 | | |
Bug Blocks: | | | |
Description
D'juan McDonald (domhnall)
2018-08-13 10:54:08 UTC
Also known as Spectre Variant 3a.

Adding kernel@ because this isn't simply a matter for Xen users. These are the earliest mainline kernel releases in which mitigating patches started to appear:

* 4.4.144
* 4.9.102
* 4.14.43
* 4.16.11

    # cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
    Mitigation: Speculative Store Bypass disabled via prctl and seccomp

Sorry, Variant 4, not 3a. It's getting harder to keep track of them all :( >=4.17 can be added to the aforementioned list of kernels. Also, note the new "spec_store_bypass_disable" parameter, per https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html.
QEMU 3.0 provides support for the "ssbd" CPUID flag. See also bug 664052.

I've requested that the patch to support ssbd be backported to qemu-2.12 - and have attached said patch - in bug 664054.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55679e9cfb47c803931db687f2e3f510d66d91d1

    commit 55679e9cfb47c803931db687f2e3f510d66d91d1
    Author:     Matthias Maier <tamiko@gentoo.org>
    AuthorDate: 2018-08-19 17:37:22 +0000
    Commit:     Matthias Maier <tamiko@gentoo.org>
    CommitDate: 2018-08-19 17:37:22 +0000

        app-emulation/qemu: drop version 2.11.*

        Bug: https://bugs.gentoo.org/663502
        Package-Manager: Portage-2.3.47, Repoman-2.3.10

     app-emulation/qemu/Manifest                        |   2 -
     .../qemu/files/qemu-2.11.0-glibc-2.27.patch        |  54 --
     app-emulation/qemu/qemu-2.11.1-r2.ebuild           | 805 ---------------------
     3 files changed, 861 deletions(-)

This has been patched in 2018. NO GLSA
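
The sysfs status quoted in this report, "disabled via prctl and seccomp", means the mitigation is applied per task rather than system-wide: a process is protected only if it runs under seccomp or opts in itself. The C program below is an added example (not part of the bug report and not Gentoo or kernel code) that queries and enables the mitigation for the calling task through prctl(2); the function names `ssb_task_protected` and `ssb_opt_in` are hypothetical, and the `PR_*` constants are those of `linux/prctl.h`.

```c
/* Added example: per-task Speculative Store Bypass control through prctl(2). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallback for libc headers that predate Linux 4.17 (values from linux/prctl.h). */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_NOT_AFFECTED    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif

/* 1 = this task is protected, 0 = it is not, -1 = state could not be read. */
int ssb_task_protected(long ctrl)
{
    if (ctrl < 0) return -1;
    if (ctrl == PR_SPEC_NOT_AFFECTED) return 1;          /* CPU is not vulnerable */
    return (ctrl & (PR_SPEC_DISABLE | PR_SPEC_FORCE_DISABLE)) ? 1 : 0;
}

/* Opt the calling task in to the mitigation. Returns the resulting
 * PR_GET_SPECULATION_CTRL value, or -errno when the kernel refuses. */
long ssb_opt_in(void)
{
    long cur = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    if (cur < 0) return -errno;               /* no kernel support for this control */
    if (!(cur & PR_SPEC_PRCTL)) return cur;   /* fixed system-wide; nothing to set */
    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0) < 0)
        return -errno;
    cur = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    return cur < 0 ? -errno : cur;
}

int main(void)
{
    long before = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    long after = ssb_opt_in();
    printf("before opt-in: protected=%d (raw %ld)\n", ssb_task_protected(before), before);
    if (after < 0)
        printf("opt-in failed: %s\n", strerror((int)-after));
    else
        printf("after opt-in:  protected=%d (raw %ld)\n", ssb_task_protected(after), after);
    return 0;
}
```

On a host reporting the status line above, a task that has not opted in and is not under seccomp prints `protected=0` before the call and `protected=1` after it.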