CVE-2018-3646 (https://access.redhat.com/security/cve/cve-2018-3646):
Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.

Reproducible: Always
amd64 & x86 stable
Bumping because recent kernels got another important patch for L1TF...
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e74c1453a18c20a8b8018b20a28cb4924440a08c

commit e74c1453a18c20a8b8018b20a28cb4924440a08c
Author: kuzetsa <kuzetsa@gmail.com>
AuthorDate: 2018-08-16 23:51:13 +0000
Commit: Göktürk Yüksek <gokturk@gentoo.org>
CommitDate: 2018-08-20 23:37:11 +0000

    sys-kernel/ck-sources: genpatches-4.14-69

    Bug: https://bugs.gentoo.org/663656
    Bug: https://bugs.gentoo.org/663744
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-kernel/ck-sources/Manifest | 4 ++
 sys-kernel/ck-sources/ck-sources-4.14.63.ebuild | 64 +++++++++++++++++++++++++
 2 files changed, 68 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0f4ed7e4177dd3833429379205e3ffed37c8d2c6

commit 0f4ed7e4177dd3833429379205e3ffed37c8d2c6
Author: kuzetsa <kuzetsa@gmail.com>
AuthorDate: 2018-08-16 23:49:00 +0000
Commit: Göktürk Yüksek <gokturk@gentoo.org>
CommitDate: 2018-08-20 23:37:07 +0000

    sys-kernel/ck-sources: genpatches-4.9-124

    Bug: https://bugs.gentoo.org/663656
    Bug: https://bugs.gentoo.org/663744
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 sys-kernel/ck-sources/Manifest | 3 ++
 sys-kernel/ck-sources/ck-sources-4.9.120.ebuild | 59 +++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
ia64 stable
Stable on alpha.
ppc/ppc64 stable
hppa stable
arm stable
sparc has 4.9.140 and 4.14.83 stable, and no 4.4.x version, so this should be fine.