[kernel-sec-discuss] r4928 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Feb 15 15:00:39 UTC 2017 

Author: jmm
Date: 2017-02-15 15:00:39 +0000 (Wed, 15 Feb 2017)
New Revision: 4928

Added:
   retired/CVE-2014-9870
Removed:
   active/CVE-2014-9870
Log:
retire


Deleted: active/CVE-2014-9870
===================================================================
--- active/CVE-2014-9870	2017-02-15 14:52:39 UTC (rev 4927)
+++ active/CVE-2014-9870	2017-02-15 15:00:39 UTC (rev 4928)
@@ -1,18 +0,0 @@
-Description: 
-References:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9870
- http://source.android.com/security/bulletin/2016-08-01.html
- https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=4f57652fcd2dce7741f1ac6dc0417e2f265cd1de
-Notes:
- bwh> I can't see how this is a security issue.  There was an earlier issue
- bwh> that TPIDRURW leaked between tasks, but that was fixed by commit
- bwh> 6a1c53124aa1 "ARM: 7403/1: tls: remove covert channel via TPIDRURW"
- bwh> in 3.4-rc1 and 3.2.17.  Possibly the security impact is specific to
- bwh> the way Qualcomm was (ab)using TPIDRURW?
-Bugs:
-upstream: released (3.11-rc1) [a4780adeefd042482f624f5e0d577bf9cdcbb760]
-3.16-upstream-stable: N/A
-3.2-upstream-stable: ignored "appears to be specific to Qualcomm Android"
-sid: released (3.11.5-1)
-3.16-jessie-security: N/A
-3.2-wheezy-security: ignored "appears to be specific to Qualcomm Android"

Copied: retired/CVE-2014-9870 (from rev 4927, active/CVE-2014-9870)
===================================================================
--- retired/CVE-2014-9870	                        (rev 0)
+++ retired/CVE-2014-9870	2017-02-15 15:00:39 UTC (rev 4928)
@@ -0,0 +1,18 @@
+Description: 
+References:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9870
+ http://source.android.com/security/bulletin/2016-08-01.html
+ https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=4f57652fcd2dce7741f1ac6dc0417e2f265cd1de
+Notes:
+ bwh> I can't see how this is a security issue.  There was an earlier issue
+ bwh> that TPIDRURW leaked between tasks, but that was fixed by commit
+ bwh> 6a1c53124aa1 "ARM: 7403/1: tls: remove covert channel via TPIDRURW"
+ bwh> in 3.4-rc1 and 3.2.17.  Possibly the security impact is specific to
+ bwh> the way Qualcomm was (ab)using TPIDRURW?
+Bugs:
+upstream: released (3.11-rc1) [a4780adeefd042482f624f5e0d577bf9cdcbb760]
+3.16-upstream-stable: N/A
+3.2-upstream-stable: ignored "appears to be specific to Qualcomm Android"
+sid: released (3.11.5-1)
+3.16-jessie-security: N/A
+3.2-wheezy-security: ignored "appears to be specific to Qualcomm Android"

More information about the kernel-sec-discuss mailing list