[kernel-sec-discuss] r4789 - active
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Dec 10 07:40:53 UTC 2016
Author: carnil
Date: 2016-12-10 07:40:53 +0000 (Sat, 10 Dec 2016)
New Revision: 4789
Modified:
active/CVE-2016-3044
Log:
Expand note for CVE-2016-3044
Modified: active/CVE-2016-3044
===================================================================
--- active/CVE-2016-3044 2016-12-10 06:49:14 UTC (rev 4788)
+++ active/CVE-2016-3044 2016-12-10 07:40:53 UTC (rev 4789)
@@ -3,6 +3,19 @@
https://www-01.ibm.com/support/docview.wss?uid=isg3T1023969
http://www.securityfocus.com/bid/92123/info
Notes:
+ carnil> from the ubuntu security tracker, at
+ carnil> https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3044.html
+ carnil> this might be the same as VE-2016-5412
+ sarnold> I haven't determined if this CVE is specific to IBM's
+ sarnold> PowerKVM Linux distribution or if this is an issue in the Linux
+ sarnild> kernel.
+ sbeattie> it sounds possibly like this might be a PowerKVM "rebrand"
+ sbeattie> of CVE-2016-5412. One of the two commits to address that was
+ sbeattie> 93d17397e4e2182fdaad503e2f9da46202c0f1c3, which fixed a similar
+ sbeattie> failure condition: a guest could trigger a host CPU to spin forever
+ sbeattie> with interrupts disabled. Furthermore, the IBM xforce vulnerability
+ sbeattie> page notes that the issue was reported on July 22, 2016, which also
+ sbeattie> happens to be the exact date of the aforementioned git commit.
Bugs:
upstream:
3.16-upstream-stable:
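Review bot: the last added carnil> line gives the identifier as "VE-2016-5412", dropping the leading "C", so a search of the tracker for CVE-2016-5412 will not match this line even though the sbeattie> lines below spell it in full. Suggest correcting it to "CVE-2016-5412". In the same block, the third line of the quoted sarnold comment is prefixed "sarnild>" while the two before it use "sarnold>", which makes one comment look like it came from two authors. The prefix should be the same on all three lines. The note also leaves the relationship as "might be" and "possibly", and the only supporting evidence is the matching date of commit 93d17397e4e2182fdaad503e2f9da46202c0f1c3. Since the Bugs:, upstream: and 3.16-upstream-stable: fields after it are still empty, it would help to say explicitly that those stay open until the PowerKVM-specific question raised by sarnold is resolved.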