
Bug 663744

Summary: kernel: Foreshadow aka L1 Terminal Fault (L1TF) (CVE-2018-{3615,3620,3646})
Product: Gentoo Security Reporter: Alice Ferrazzi <alicef>
Component: Vulnerabilities Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED    
Severity: major CC: kernel, kfm, luke
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/9594
Whiteboard: A2 [noglsa cve]
Package list:
sys-kernel/gentoo-sources-4.14.65 sys-kernel/gentoo-sources-4.9.122 sys-kernel/gentoo-sources-4.4.150
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 663016, 663656    

Description Alice Ferrazzi Gentoo Infrastructure gentoo-dev 2018-08-16 00:23:58 UTC
cve-2018-3646 (https://access.redhat.com/security/cve/cve-2018-3646):
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.

Reproducible: Always
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-16 01:15:12 UTC
amd64 & x86 stable
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2018-08-19 15:00:42 UTC
Bumping because recent kernels got another important patch for L1TF...
Comment 3 Larry the Git Cow gentoo-dev 2018-08-20 23:40:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e74c1453a18c20a8b8018b20a28cb4924440a08c

commit e74c1453a18c20a8b8018b20a28cb4924440a08c
Author:     kuzetsa <kuzetsa@gmail.com>
AuthorDate: 2018-08-16 23:51:13 +0000
Commit:     Göktürk Yüksek <gokturk@gentoo.org>
CommitDate: 2018-08-20 23:37:11 +0000

    sys-kernel/ck-sources: genpatches-4.14-69
    
    Bug: https://bugs.gentoo.org/663656
    Bug: https://bugs.gentoo.org/663744
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-kernel/ck-sources/Manifest                  |  4 ++
 sys-kernel/ck-sources/ck-sources-4.14.63.ebuild | 64 +++++++++++++++++++++++++
 2 files changed, 68 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f4ed7e4177dd3833429379205e3ffed37c8d2c6

commit 0f4ed7e4177dd3833429379205e3ffed37c8d2c6
Author:     kuzetsa <kuzetsa@gmail.com>
AuthorDate: 2018-08-16 23:49:00 +0000
Commit:     Göktürk Yüksek <gokturk@gentoo.org>
CommitDate: 2018-08-20 23:37:07 +0000

    sys-kernel/ck-sources: genpatches-4.9-124
    
    Bug: https://bugs.gentoo.org/663656
    Bug: https://bugs.gentoo.org/663744
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-kernel/ck-sources/Manifest                  |  3 ++
 sys-kernel/ck-sources/ck-sources-4.9.120.ebuild | 59 +++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2018-08-27 20:59:28 UTC
ia64 stable
Comment 5 Tobias Klausmann (RETIRED) gentoo-dev 2018-09-14 07:33:51 UTC
Stable on alpha.
Comment 6 Matt Turner gentoo-dev 2018-09-18 01:55:17 UTC
ppc/ppc64 stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-09-22 11:41:26 UTC
hppa stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2018-11-25 10:17:45 UTC
arm stable
Comment 9 Rolf Eike Beer archtester 2019-01-02 09:44:48 UTC
sparc has 4.9.140 and 4.14.83 stable, and no 4.4.x version, so this should be fine.