Package: libvirt / 5.0.0-4

security/cpu_map-Define-md-clear-CPUID-bit.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
From: Jiri Denemark <jdenemar@redhat.com>
Date: Fri, 5 Apr 2019 15:11:20 +0200
Subject: cpu_map: Define md-clear CPUID bit
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Origin: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
Bug-Debian: https://bugs.debian.org/929154
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12126
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12127
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12130
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-11091

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

The bit is set when microcode provides the mechanism to invoke a flush
of various exploitable CPU buffers by invoking the VERW instruction.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/cpu_map/x86_features.xml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
index 02431be..11479f0 100644
--- a/src/cpu_map/x86_features.xml
+++ b/src/cpu_map/x86_features.xml
@@ -317,6 +317,9 @@
   <feature name='avx512-4fmaps'>
     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
   </feature>
+  <feature name='md-clear'> <!-- md_clear -->
+    <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
+  </feature>
   <feature name='pconfig'>
     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
   </feature>