[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches

From: Paolo Bonzini
Subject: Re: [Qemu-devel] CVE-2017-5715: relevant qemu patches
Date: Fri, 5 Jan 2018 09:33:04 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0

On 04/01/2018 21:15, Stefan Priebe - Profihost AG wrote:
> attached the relevant patch for everybody who needs it.

This is the original patch from Intel, which doesn't work unless you
have a patched kernel (which you almost certainly don't have) and
doesn't even warn you about that.

In other words, it's rubbish.  Please read
https://www.qemu.org/2018/01/04/spectre/ several times, until you
understand why there is no urgent need to update QEMU.

Days are 24 hours for QEMU developers just like for you (and believe me,
we wished several times that they weren't during the last two months).
We are prioritizing the fixes according to their effect in mitigating
the vulnerability, their applicability and the availability of patches
to the lower levels of the stack.  Right now, the most urgent part is
the simple mitigations that can go in Linux 4.15 and stable kernels.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]