[kernel-sec-discuss] r3790 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue May 19 08:20:58 UTC 2015


Author: jmm
Date: 2015-05-19 08:20:58 +0000 (Tue, 19 May 2015)
New Revision: 3790

Added:
   retired/CVE-2015-0239
Removed:
   active/CVE-2015-0239
Log:
retire


Deleted: active/CVE-2015-0239
===================================================================
--- active/CVE-2015-0239	2015-05-19 08:17:54 UTC (rev 3789)
+++ active/CVE-2015-0239	2015-05-19 08:20:58 UTC (rev 3790)
@@ -1,17 +0,0 @@
-Description: KVM: x86: SYSENTER emulation is broken
-References: https://git.kernel.org/linus/f3747379accba8e95d70cec0eae0582c8c182050
-Notes:
- bwh> This revealed another earlier fix, commit 1a18a69b7623 ("KVM: x86
- bwh> emulator: reject SYSENTER in compatibility mode on AMD guests").
- bwh> It wasn't marked for stable but the bug might be exploitable by
- bwh> guest userland to crash the guest system.  I've queued it up for
- bwh> wheezy-security along with this.
-Bugs:
-upstream: released (3.19-rc6) [f3747379accba8e95d70cec0eae0582c8c182050]
-2.6.32-upstream-stable: ignored
-sid: released (3.16.7-ckt4-2) [bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch]
-3.16-jessie-security: N/A "Fixed before initial release"
-3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch]
-2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
-3.16-upstream-stable: released (3.16.7-ckt6)
-3.2-upstream-stable: released (3.2.67) [kvm-x86-sysenter-emulation-is-broken.patch]

Copied: retired/CVE-2015-0239 (from rev 3789, active/CVE-2015-0239)
===================================================================
--- retired/CVE-2015-0239	                        (rev 0)
+++ retired/CVE-2015-0239	2015-05-19 08:20:58 UTC (rev 3790)
@@ -0,0 +1,17 @@
+Description: KVM: x86: SYSENTER emulation is broken
+References: https://git.kernel.org/linus/f3747379accba8e95d70cec0eae0582c8c182050
+Notes:
+ bwh> This revealed another earlier fix, commit 1a18a69b7623 ("KVM: x86
+ bwh> emulator: reject SYSENTER in compatibility mode on AMD guests").
+ bwh> It wasn't marked for stable but the bug might be exploitable by
+ bwh> guest userland to crash the guest system.  I've queued it up for
+ bwh> wheezy-security along with this.
+Bugs:
+upstream: released (3.19-rc6) [f3747379accba8e95d70cec0eae0582c8c182050]
+2.6.32-upstream-stable: ignored
+sid: released (3.16.7-ckt4-2) [bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch]
+3.16-jessie-security: N/A "Fixed before initial release"
+3.2-wheezy-security: released (3.2.65-1+deb7u2) [bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch]
+2.6.32-squeeze-security: ignored "KVM not supported in squeeze LTS"
+3.16-upstream-stable: released (3.16.7-ckt6)
+3.2-upstream-stable: released (3.2.67) [kvm-x86-sysenter-emulation-is-broken.patch]




More information about the kernel-sec-discuss mailing list