Arch Linux


FS#58700 - [linux][linux-firmware][libvirt][qemu][intel-ucode] CVE-2018-3639 CVE-2018-3640

Attached to Project: Arch Linux
Opened by loqs (loqs) - Wednesday, 23 May 2018, 01:31 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 23 May 2018, 02:14 GMT
Task Type: Bug Report
Category: Security
Status: Assigned
Assigned To: Tobias Powalowski (tpowa), Jan Steffens (heftig), Laurent Carlier (lordheavy), Anatol Pomozov (anatolik), Levente Polyak (anthraxx)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 0%
Votes: 2
Private: No

Details

CVE-2018-3639 Description:
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Kernel: fixes in 4.14.43, 4.16.11 (note: requires new microcode / firmware update)
QEMU: no new release; relevant commits in git:
https://git.qemu.org/?p=qemu.git;a=commit;h=d19d1f965904a533998739698020ff4ee8a103da
https://git.qemu.org/?p=qemu.git;a=commit;h=cfeea0c021db6234c154dbc723730e81553924ff
https://git.qemu.org/?p=qemu.git;a=commit;h=d19d1f965904a533998739698020ff4ee8a103da
libvirt: no new release; commits in git:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=1dbca2eccad58d91a5fd33962854f1a653638182
https://libvirt.org/git/?p=libvirt.git;a=commit;h=9267342206ce17f6933d57a3128cdc504d5945c9
CVE-2018-3640 Description:
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
requires new microcode

Comment by loqs (loqs) - Wednesday, 23 May 2018, 01:44 GMT
Should note the default kernel protection only applies to processes using seccomp or specifically opting in using prctl.
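
The per-process opt-in mentioned in the comment above, as an added example that is not part of the original report or of any project's code: it reads the task's Speculative Store Bypass state with prctl(PR_GET_SPECULATION_CTRL) and enables the mitigation with PR_SET_SPECULATION_CTRL. The helper names ssb_describe, ssb_query and ssb_opt_in are made up for illustration; the constants are those of linux/prctl.h.

```c
/* Added example: query and opt in to the per-process Speculative Store
 * Bypass mitigation. Needs a kernel that carries the SSB prctl interface. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks for older userspace headers; values from linux/prctl.h. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#define PR_SPEC_FORCE_DISABLE   (1UL << 3)
#endif

/* Decode the bitmask returned by PR_GET_SPECULATION_CTRL (hypothetical helper). */
const char *ssb_describe(int state)
{
    if (state < 0)                     return "unknown (prctl failed)";
    if (state == 0)                    return "CPU not affected";
    if (state & PR_SPEC_FORCE_DISABLE) return "mitigated (force-disabled, irreversible)";
    if (state & PR_SPEC_DISABLE)       return "mitigated (speculation disabled)";
    if (state & PR_SPEC_PRCTL)         return "vulnerable, per-task opt-in available";
    return "vulnerable, no per-task control"; /* PR_SPEC_ENABLE only */
}

/* Current task state, or -1 with errno set (EINVAL: kernel lacks the prctl). */
int ssb_query(void)
{
    return prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
}

/* Opt this task in: 0 on success, -1 with errno set (ENXIO: no per-task control). */
int ssb_opt_in(void)
{
    return prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
}

int main(void)
{
    printf("before: %s\n", ssb_describe(ssb_query()));
    if (ssb_opt_in() != 0)
        printf("opt-in failed: %s\n", strerror(errno));
    printf("after:  %s\n", ssb_describe(ssb_query()));
    return 0;
}
```

The system-wide view of the same state is in /sys/devices/system/cpu/vulnerabilities/spec_store_bypass.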
Comment by Jonathan Courtois (johnlamericain) - Friday, 15 June 2018, 18:37 GMT
Is there any plan to address this?
Comment by loqs (loqs) - Friday, 15 June 2018, 22:50 GMT
For CVE-2018-3639: linux is fixed, qemu is fixed, and linux-firmware, which includes AMD microcode, does not need updating as per https://xenbits.xen.org/xsa/xsa263-unstable/0001-x86-AMD-Mitigations-for-GPZ-SP4-Speculative-Store-By.patch. That leaves no public microcode update from Intel and the patches for libvirt so that AMD systems could pass mitigations on to libvirt guests.
For CVE-2018-3640, which appears to be Intel only, the mitigation is planned to be bundled with the microcode update with the mitigation for CVE-2018-3639.
