[kernel-sec-discuss] r4965 - active
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Feb 21 12:59:20 UTC 2017
Author: carnil
Date: 2017-02-21 12:59:20 +0000 (Tue, 21 Feb 2017)
New Revision: 4965
Modified:
active/CVE-2016-3044
Log:
Remove incorrect notes since jmm found the fix via Red Hat
Modified: active/CVE-2016-3044
===================================================================
--- active/CVE-2016-3044 2017-02-21 12:56:18 UTC (rev 4964)
+++ active/CVE-2016-3044 2017-02-21 12:59:20 UTC (rev 4965)
@@ -3,19 +3,6 @@
https://www-01.ibm.com/support/docview.wss?uid=isg3T1023969
http://www.securityfocus.com/bid/92123/info
Notes:
- carnil> from the ubuntu security tracker, at
- carnil> https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3044.html
- carnil> this might be the same as VE-2016-5412
- sarnold> I haven't determined if this CVE is specific to IBM's
- sarnold> PowerKVM Linux distribution or if this is an issue in the Linux
- sarnild> kernel.
- sbeattie> it sounds possibly like this might be a PowerKVM "rebrand"
- sbeattie> of CVE-2016-5412. One of the two commits to address that was
- sbeattie> 93d17397e4e2182fdaad503e2f9da46202c0f1c3, which fixed a similar
- sbeattie> failure condition: a guest could trigger a host CPU to spin forever
- sbeattie> with interrupts disabled. Furthermore, the IBM xforce vulnerability
- sbeattie> page notes that the issue was reported on July 22, 2016, which also
- sbeattie> happens to be the exact date of the aforementioned git commit.
jmm> RH bugzilla lists the commit below and since they're deeply involved in KVM using
jmm> that as the authoritative source
carnil> Fixed as well in 4.4.6: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.6
More information about the kernel-sec-discuss
mailing list