From: Paolo Bonzini
Subject: Re: [Qemu-devel] [web PATCH 0/4] Add web section reporting information about CVEs in QEMU
Date: Thu, 18 Oct 2018 23:36:39 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0
On 18/10/2018 16:51, Daniel P. Berrangé wrote:
>
> After adding the new $YEAR/$ID.xml file, 'make' will build the
> corresponding indexes and HTML/TXT renderings. Ideally the machine which
> is hosting the QEMU website would run 'make' after pulling new
> commits. In this series, however, I have just committed the rendered
> content to git.
"git push" is already running Jekyll, which has a templating mechanism
similar to the one used for blog posts
(https://jekyllrb.com/docs/collections/). Basically one security notice
would be a file in a _secnotices directory, with the metadata in a YAML
preamble like this:
---
title: Speculative store bypass
id: 2018-001
date: 2018-05-21
reported: 2018-03-12
fixed: 2018-06-26
credits:
  - reporter:
    - name: Ken Johnson (Microsoft Security Response Center)
    - name: Jann Horn (Google Project Zero)
  - patcher:
    - name: Daniel P. Berrangé
      email: address@hidden
    - name: Konrad Rzeszutek Wilk
      email: address@hidden
advisories:
  - type: CVE
    id: 2018-3639
branches:
  - master:
      state: fixed
      change:
        - d19d1f965904a533998739698020ff4ee8a103da: fixed
        - 403503b162ffc33fb64cfefdf7b880acf41772cd: fixed
        - 4f50c1673a89b07f376ce5c42d22d79a79cd466d: merged
        - a764f3f7197f4d7ad8fe8424269933de912224cb: fixed
        - e409d9a158c77c650651e8118f6c86c8dc76eba6: merged
        - 7ba1e61953f4592606e60b2e7507ff6a6faf861a: vulnerable
tag:
  - v0.10.1: vulnerable
...
---
{% contentfor description %}
An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store
instructions (a commonly used performance optimization).

It relies on the presence of a precisely-defined instruction sequence
in the privileged code as well as the fact that memory read from address
to which a recent memory write has occurred may see an older value and
subsequently cause an update into the microprocessor's data cache even
for speculatively executed instructions that never actually commit (retire).
{% endcontentfor %}
{% contentfor impact %}
As a result, an unprivileged attacker could use this flaw to read
privileged memory by conducting targeted cache side-channel attacks.
{% endcontentfor %}
{% contentfor mitigation %}
None
{% endcontentfor %}
(Requires the jekyll-contentblocks plugin).
I am not a YAML fan, but I still would probably have to hide if I
suggested using XSLT to convert the XML files to YAML. :) Still, one
question is obvious: is the XML an industry standard? That would make
it more palatable...
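Added example, not code from this thread or from the QEMU website repository: a Ruby script that reads one _secnotices file of the shape sketched in the mail, splits the YAML preamble from the contentfor blocks, lints the per-branch and per-commit states, and builds the index row a site build would emit. The sample notice is constructed from the fields above; its indentation, the contentfor block syntax as plain text, and the fixed/merged/vulnerable state vocabulary are assumptions.

```ruby
require 'yaml'
require 'date'
# Constructed sample _secnotices file in the layout sketched above (indentation assumed).
SAMPLE = <<~'EOS'
  ---
  title: Speculative store bypass
  id: 2018-001
  date: 2018-05-21
  advisories:
    - type: CVE
      id: 2018-3639
  branches:
    - master:
        state: fixed
        change:
          - d19d1f965904a533998739698020ff4ee8a103da: fixed
          - 7ba1e61953f4592606e60b2e7507ff6a6faf861a: vulnerable
  ---
  {% contentfor description %}
  Speculative execution of loads may observe stale store data.
  {% endcontentfor %}
EOS
STATES = %w[fixed merged vulnerable].freeze # assumed state vocabulary
# Split a notice into its YAML preamble and its named contentfor blocks.
def parse_notice(text)
  m = text.match(/\A---\s*\n(.*?)\n(?:---|\.\.\.)\s*\n(.*)\z/m)
  raise ArgumentError, 'missing YAML preamble' unless m
  meta = YAML.safe_load(m[1], permitted_classes: [Date])
  blocks = m[2].scan(/\{%\s*contentfor\s+(\w+)\s*%\}(.*?)\{%\s*endcontentfor\s*%\}/m)
                .to_h { |name, body| [name, body.strip] }
  [meta, blocks]
end

# Checks a site build would want before rendering: notice id shape, known states, full commit ids.
def lint_notice(meta)
  errors = []
  errors << "bad notice id #{meta['id'].inspect}" unless meta['id'].to_s.match?(/\A\d{4}-\d{3}\z/)
  Array(meta['branches']).flat_map(&:to_a).each do |branch, info|
    errors << "#{branch}: unknown state #{info['state']}" unless STATES.include?(info['state'])
    Array(info['change']).flat_map(&:to_a).each do |sha, state|
      errors << "#{branch}: #{sha} is not a full commit id" unless sha.to_s.match?(/\A\h{40}\z/)
      errors << "#{branch}: #{sha} has unknown state #{state}" unless STATES.include?(state)
    end
  end
  errors
end

# One row of the generated index: notice id, title, date and the CVE ids it covers.
def index_entry(meta)
  cves = Array(meta['advisories']).select { |a| a['type'] == 'CVE' }.map { |a| "CVE-#{a['id']}" }
  { id: meta['id'], title: meta['title'], date: meta['date'].iso8601, cves: cves }
end
```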