[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches
|
From: |
Alexandre DERUMIER |
|
Subject: |
Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches |
|
Date: |
Thu, 4 Jan 2018 09:35:01 +0100 (CET) |
>>So you need:
>>1.) intel / amd cpu microcode update
>>2.) qemu update to pass the new MSR and CPU flags from the microcode update
>>3.) host kernel update
>>4.) guest kernel update
are you sure we need to patch guest kernel if we are able to patch qemu ?
I have some pretty old guest (linux and windows)
If I understand, patching the host kernel, should avoid that a vm is reading
memory of another vm.
(the most critical)
patching the guest kernel, to avoid that a process from the vm have access to
memory of another process of same vm.
right ?
----- Mail original -----
De: "Stefan Priebe, Profihost AG" <address@hidden>
À: "aderumier" <address@hidden>
Cc: "qemu-devel" <address@hidden>
Envoyé: Jeudi 4 Janvier 2018 09:17:41
Objet: Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches
Am 04.01.2018 um 08:27 schrieb Alexandre DERUMIER:
> does somebody have a redhat account to see te content of:
>
> https://access.redhat.com/solutions/3307851
> "Impacts of CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715 to Red Hat
> Virtualization products"
i don't have one but the content might be something like this:
https://www.suse.com/de-de/support/kb/doc/?id=7022512
So you need:
1.) intel / amd cpu microcode update
2.) qemu update to pass the new MSR and CPU flags from the microcode update
3.) host kernel update
4.) guest kernel update
The microcode update and the kernel update is publicly available but i'm
missing the qemu one.
Greets,
Stefan
> ----- Mail original -----
> De: "aderumier" <address@hidden>
> À: "Stefan Priebe, Profihost AG" <address@hidden>
> Cc: "qemu-devel" <address@hidden>
> Envoyé: Jeudi 4 Janvier 2018 08:24:34
> Objet: Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches
>
>>> Can anybody point me to the relevant qemu patches?
>
> I don't have find them yet.
>
> Do you known if a vm using kvm64 cpu model is protected or not ?
>
> ----- Mail original -----
> De: "Stefan Priebe, Profihost AG" <address@hidden>
> À: "qemu-devel" <address@hidden>
> Envoyé: Jeudi 4 Janvier 2018 07:27:01
> Objet: [Qemu-devel] CVE-2017-5715: relevant qemu patches
>
> Hello,
>
> i've seen some vendors have updated qemu regarding meltdown / spectre.
>
> f.e.:
>
> CVE-2017-5715: QEMU was updated to allow passing through new MSR and
> CPUID flags from the host VM to the CPU, to allow enabling/disabling
> branch prediction features in the Intel CPU. (bsc#1068032)
>
> Can anybody point me to the relevant qemu patches?
>
> Thanks!
>
> Greets,
> Stefan
>
- [Qemu-devel] CVE-2017-5715: relevant qemu patches, Stefan Priebe - Profihost AG, 2018/01/04
- Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches, Alexandre DERUMIER, 2018/01/04
- Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches, Alexandre DERUMIER, 2018/01/04
- Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches, Stefan Priebe - Profihost AG, 2018/01/04
- Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches,
Alexandre DERUMIER <=
- Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches, Stefan Priebe - Profihost AG, 2018/01/04
- Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches, Paolo Bonzini, 2018/01/04
- Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches, Stefan Priebe - Profihost AG, 2018/01/04
- Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches, Paolo Bonzini, 2018/01/05
- Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches, Stefan Priebe - Profihost AG, 2018/01/05
- Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches, Paolo Bonzini, 2018/01/05
Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches, Stefan Priebe - Profihost AG, 2018/01/04