Summary: | <app-emulation/xen-{4.15.5_pre1,4.16.4_pre1}: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | normal | CC: | hydrapolic, proxy-maint, xen |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/30596 | ||
Whiteboard: | ?? [glsa? cleanup] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 904469 | ||
Bug Blocks: |
Description
John Helmert III
![]() ![]() ![]() ![]() CVE-2022-27672 (https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1045): When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3dec50197211678506c555e5ee8c05eb73ec3c7f commit 3dec50197211678506c555e5ee8c05eb73ec3c7f Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2023-04-14 16:42:46 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2023-04-17 08:12:49 +0000 app-emulation/xen-tools: add upstream patches Bug: https://bugs.gentoo.org/903624 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Florian Schmaus <flow@gentoo.org> app-emulation/xen-tools/Manifest | 3 + .../xen-tools/xen-tools-4.15.5_pre1.ebuild | 541 +++++++++++++++++++++ .../xen-tools/xen-tools-4.16.4_pre1.ebuild | 532 ++++++++++++++++++++ 3 files changed, 1076 insertions(+) Thanks! Please cleanup |