Attachment 209119 Details for Bug 241931 – FreeBSD SA entries

[patch] FreeBSD SA entries

SA-19:25.mcepsc_19:26.mcu.patch (text/plain), 3.40 KB, created by Miroslav Lachman on 2019-11-12 23:24:02 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Miroslav Lachman

Created: 2019-11-12 23:24:02 UTC

Size: 3.40 KB

patch

obsolete

>--- vuln.xml	2019-11-13 00:12:41.986447000 +0100
>+++ vuln.xml.new	2019-11-13 00:13:06.261417000 +0100
>@@ -58,6 +58,87 @@
>   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+  <vuln vid="fbe10a8a-05a1-11ea-9dfa-f8b156ac3ff9">
>+    <topic>FreeBSD -- Intel CPU Microcode Update</topic>
>+    <affects>
>+      <package>
>+	<name>FreeBSD</name>
>+
>+      </package>
>+    </affects>
>+    <description>
>+      <body xmlns="http://www.w3.org/1999/xhtml">
>+	<h1>Problem Description:</h1>
>+	<p>Starting with version 1.26, the devcpu-data port/package includes
>+	updates and mitigations for the following technical and security
>+	advisories (depending on CPU model).</p>
>+	<p>Intel TSX Updates (TAA) CVE-2019-11135 Voltage Modulation
>+	Vulnerability CVE-2019-11139 MD_CLEAR Operations
>+	CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-11091
>+	TA Indirect Sharing CVE-2017-5715 EGETKEY CVE-2018-12126
>+	CVE-2018-12127 CVE-2018-12130 CVE-2018-11091 JCC SKX102
>+	Erratum </p> <p>Updated microcode includes mitigations for
>+	CPU issues, but may also cause a performance regression due
>+	to the JCC erratum mitigation.  Please visit
>+	http://www.intel.com/benchmarks for further information.
>+	</p> <p>Please visit http://www.intel.com/security for
>+	detailed information on these advisories as well as a list of
>+	CPUs that are affected.</p>
>+	<h1>Impact:</h1>
>+	<p>Operating a CPU without the latest microcode may result in erratic or
>+	unpredictable behavior, including system crashes and lock ups.
>+	Certain issues listed in this advisory may result in the leakage of
>+	privileged system information to unprivileged users.  Please refer to
>+	the security advisories listed above for detailed information.</p>
>+      </body>
>+    </description>
>+    <references>
>+      <cvename>CVE-2019-11135</cvename>
>+      <cvename>CVE-2019-11139</cvename>
>+      <cvename>CVE-2018-12126</cvename>
>+      <cvename>CVE-2018-12127</cvename>
>+      <cvename>CVE-2018-12130</cvename>
>+      <cvename>CVE-2018-11091</cvename>
>+      <cvename>CVE-2017-5715 </cvename>
>+      <freebsdsa>SA-19:26.mcu</freebsdsa>
>+    </references>
>+    <dates>
>+      <discovery>2019-11-12</discovery>
>+      <entry>2019-11-13</entry>
>+    </dates>
>+  </vuln>
>+
>+  <vuln vid="edc0bf7e-05a1-11ea-9dfa-f8b156ac3ff9">
>+    <topic>FreeBSD -- Machine Check Exception on Page Size Change</topic>
>+    <affects>
>+      <package>
>+	<name>FreeBSD-kernel</name>
>+	<range><ge>12.1</ge><lt>12.1_1</lt></range>
>+	<range><ge>12.0</ge><lt>12.0_12</lt></range>
>+	<range><ge>11.3</ge><lt>11.3_5</lt></range>
>+      </package>
>+    </affects>
>+    <description>
>+      <body xmlns="http://www.w3.org/1999/xhtml">
>+	<h1>Problem Description:</h1>
>+	<p>Intel discovered a previously published erratum on some Intel
>+	platforms can be exploited by malicious software to potentially cause
>+	a denial of service by triggering a machine check that will crash or
>+	hang the system.</p>
>+	<h1>Impact:</h1>
>+	<p>Malicious guest operating systems may be able to crash the host.</p>
>+      </body>
>+    </description>
>+    <references>
>+      <cvename>CVE-2018-12207</cvename>
>+      <freebsdsa>SA-19:25.mcepsc</freebsdsa>
>+    </references>
>+    <dates>
>+      <discovery>2019-11-12</discovery>
>+      <entry>2019-11-13</entry>
>+    </dates>
>+  </vuln>
>+
>   <vuln vid="88d00176-058e-11ea-bd1c-3065ec8fd3ec">
>     <topic>chromium -- multiple vulnerabilities</topic>
>     <affects>

Actions: View | Diff

Attachments on bug 241931: 209119 | 209326