[kernel-sec-discuss] r4927 - active
Ben Hutchings
benh at moszumanska.debian.org
Wed Feb 15 14:52:39 UTC 2017
Author: benh
Date: 2017-02-15 14:52:39 +0000 (Wed, 15 Feb 2017)
New Revision: 4927
Modified:
active/CVE-2014-9870
Log:
Ignore CVE-2014-9870 for 3.2
Modified: active/CVE-2014-9870
===================================================================
--- active/CVE-2014-9870 2017-02-15 12:47:55 UTC (rev 4926)
+++ active/CVE-2014-9870 2017-02-15 14:52:39 UTC (rev 4927)
@@ -4,10 +4,15 @@
http://source.android.com/security/bulletin/2016-08-01.html
https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=4f57652fcd2dce7741f1ac6dc0417e2f265cd1de
Notes:
+ bwh> I can't see how this is a security issue. There was an earlier issue
+ bwh> that TPIDRURW leaked between tasks, but that was fixed by commit
+ bwh> 6a1c53124aa1 "ARM: 7403/1: tls: remove covert channel via TPIDRURW"
+ bwh> in 3.4-rc1 and 3.2.17. Possibly the security impact is specific to
+ bwh> the way Qualcomm was (ab)using TPIDRURW?
Bugs:
upstream: released (3.11-rc1) [a4780adeefd042482f624f5e0d577bf9cdcbb760]
3.16-upstream-stable: N/A
-3.2-upstream-stable:
+3.2-upstream-stable: ignored "appears to be specific to Qualcomm Android"
sid: released (3.11.5-1)
3.16-jessie-security: N/A
-3.2-wheezy-security:
+3.2-wheezy-security: ignored "appears to be specific to Qualcomm Android"
More information about the kernel-sec-discuss
mailing list