oss-sec mailing list archives

Re: Re: Intel FP security issue

From: Marcus Meissner <meissner () suse de>
Date: Fri, 15 Jun 2018 15:25:07 +0200

Hi,

On Wed, Jun 13, 2018 at 11:07:18PM +0400, Loganaden Velvindron wrote:

On Wed, Jun 13, 2018 at 7:34 PM, Loganaden Velvindron
<loganaden () gmail com> wrote:

Hi All,

Both OpenBSD and DragonflyBSD have gone ahead and committed fixes for
the rumored Intel FP issue:

OpenBSD: https://marc.info/?l=openbsd-cvs&m=152818076013158&w=2
DragonflyBSD: http://lists.dragonflybsd.org/pipermail/commits/2018-June/672324.html

I think that the cat is already out of the bag, and releasing details
of this security problem makes sense. Since this has gone public, Is
there a reason to keep this under embargo ?


FreeBSD appears to be moving in this direction too:
https://svnweb.freebsd.org/base?view=revision&revision=335072


For the record, this is https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
aka CVE-2018-3665 with codename "Lazy FPU Save/Restore".

XEN advisory https://xenbits.xen.org/xsa/advisory-267.html was posted here too, describing it a bit better.

Full details are planned to be released June 27th.

Ciao, Marcus

Current thread:

Intel FP security issue Loganaden Velvindron (Jun 13)
- Re: Intel FP security issue Loganaden Velvindron (Jun 13)
  - Re: Re: Intel FP security issue Marcus Meissner (Jun 15)
- <Possible follow-ups>
- Re: Re: Intel FP security issue Liguori, Anthony (Jun 15)
  - Re: Intel FP security issue Solar Designer (Jun 15)
    - Re: Intel FP security issue Anthony Liguori (Jun 15)