Summary: | L1 Terminal Fault (L1TF) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | kfm
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | kernel
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html | |
See Also: | https://github.com/gentoo/gentoo/pull/9594 | |
Whiteboard: | | |
Package list: | | Runtime testing required: | ---
Bug Depends on: | 663744 | |
Bug Blocks: | | |
Attachments: | | |

Description
kfm
2018-08-15 02:13:27 UTC
More information ...

* https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
* https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=958f338
* http://seclists.org/oss-sec/2018/q3/113 (Xen)
* https://blogs.oracle.com/oraclesecurity/intel-l1tf (Oracle)
* https://blogs.technet.microsoft.com/srd/2018/08/14/analysis-and-mitigation-of-l1-terminal-fault-l1tf/ (Microsoft)
* https://youtu.be/n_pa2AisRUs (Intel)
* https://youtu.be/kqg8_KH2OIQ (Red Hat)

The Oracle article states:

"Intel reports that the microcode update it has released for the Spectre 3a (CVE-2018-3640) and Spectre 4 (CVE-2018-3639) vulnerabilities also contains the microcode instructions which can be used to mitigate the L1TF vulnerabilities. Updated microcode by itself is not sufficient to protect against L1TF."

Re-assigning to security@ because this isn't a kernel vulnerability per se.

4.4.148, 4.9.120, 4.14.63 and 4.17.15 have been released. It was subsequently discovered that a build error occurs if CONFIG_KVM_INTEL is disabled. Therefore, genpatches would need to include the attached patch, which will land in the next round of stable releases.

Created attachment 543604
x86-l1tf-fix-build-error-seen-if-config_kvm_intel-is-disabled.patch

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e74c1453a18c20a8b8018b20a28cb4924440a08c

commit e74c1453a18c20a8b8018b20a28cb4924440a08c
Author: kuzetsa <kuzetsa@gmail.com>
AuthorDate: 2018-08-16 23:51:13 +0000
Commit: Göktürk Yüksek <gokturk@gentoo.org>
CommitDate: 2018-08-20 23:37:11 +0000

    sys-kernel/ck-sources: genpatches-4.14-69

    Bug: https://bugs.gentoo.org/663656
    Bug: https://bugs.gentoo.org/663744
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-kernel/ck-sources/Manifest | 4 ++
 sys-kernel/ck-sources/ck-sources-4.14.63.ebuild | 64 +++++++++++++++++++++++++
 2 files changed, 68 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f4ed7e4177dd3833429379205e3ffed37c8d2c6

commit 0f4ed7e4177dd3833429379205e3ffed37c8d2c6
Author: kuzetsa <kuzetsa@gmail.com>
AuthorDate: 2018-08-16 23:49:00 +0000
Commit: Göktürk Yüksek <gokturk@gentoo.org>
CommitDate: 2018-08-20 23:37:07 +0000

    sys-kernel/ck-sources: genpatches-4.9-124

    Bug: https://bugs.gentoo.org/663656
    Bug: https://bugs.gentoo.org/663744
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-kernel/ck-sources/Manifest | 3 ++
 sys-kernel/ck-sources/ck-sources-4.9.120.ebuild | 59 +++++++++++++++++++++++++
 2 files changed, 62 insertions(+)