Commit e4ee6890 authored by Salvatore Bonaccorso's avatar Salvatore Bonaccorso

Add libvirt tracking for MDS vulnerabilities as well

It's not directly an issue in libvirt, but to protect VM users as well
when the microcode  provides the mechanism to invoke a flush of various
exploitable CPU buffers by invoking the VERW instruction, libvirt needs
to define the md-clear CPUID bit as well for quests.

Track respective libvirt fixes as well under the CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091 ids.
parent 94ab9f0f
......@@ -2484,9 +2484,12 @@ CVE-2019-11091 [MDSUM Microarchitectural Data Sampling Uncacheable Memory]
- linux 4.19.37-2
- xen <unfixed>
- qemu <unfixed> (bug #929067)
- libvirt <unfixed>
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
CVE-2019-11090
RESERVED
CVE-2019-11089
......@@ -51384,9 +51387,12 @@ CVE-2018-12130 [MFBDS Microarchitectural Fill Buffer Data Sampling]
- linux 4.19.37-2
- xen <unfixed>
- qemu <unfixed> (bug #929067)
- libvirt <unfixed>
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
CVE-2018-12129
RESERVED
CVE-2018-12128
......@@ -51398,9 +51404,12 @@ CVE-2018-12127 [MLPDS Microarchitectural Load Port Data Sampling]
- linux 4.19.37-2
- xen <unfixed>
- qemu <unfixed> (bug #929067)
- libvirt <unfixed>
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
CVE-2018-12126 [MSBDS Microarchitectural Store Buffer Data Sampling]
RESERVED
{DSA-4447-1 DSA-4444-1 DLA-1789-1 DLA-1787-1}
......@@ -51408,9 +51417,12 @@ CVE-2018-12126 [MSBDS Microarchitectural Store Buffer Data Sampling]
- linux 4.19.37-2
- xen <unfixed>
- qemu <unfixed> (bug #929067)
- libvirt <unfixed>
NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
NOTE: https://xenbits.xen.org/xsa/advisory-297.html
NOTE: libvirt support for md-clear CPUID bit:
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
CVE-2018-12125
RESERVED
CVE-2018-12124
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment