From owner-freebsd-security@freebsd.org  Wed Jun 13 21:12:48 2018
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 888A21017C0A
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Wed, 13 Jun 2018 21:12:48 +0000 (UTC)
 (envelope-from gordon@tetlows.org)
Received: from mail-qk0-x232.google.com (mail-qk0-x232.google.com
 [IPv6:2607:f8b0:400d:c09::232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1D5777CB6F
 for <freebsd-security@freebsd.org>; Wed, 13 Jun 2018 21:12:48 +0000 (UTC)
 (envelope-from gordon@tetlows.org)
Received: by mail-qk0-x232.google.com with SMTP id w23-v6so2419648qkb.8
 for <freebsd-security@freebsd.org>; Wed, 13 Jun 2018 14:12:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tetlows.org; s=google;
 h=date:from:to:subject:message-id:mime-version:content-disposition
 :user-agent; bh=HNg75qs1c01gxEJge3vzxzOiXbORWDgVokWrRznUUuw=;
 b=Wvw6/ZHYbbd1sfkJAJUKLZ86Jf25v/a0PxtTax053MP9KV2h8fVIepDyG0zOXL35ET
 Pysz0AUQIvb16BsisXaxWQ3pIpY1ySo+jxIzw/t4QjZr3bnSWVYjjkyWrZbX0IySjmYJ
 fQtwzzfg+WUeoYDUOj1fwtH5pXF8PiANB2LIY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:subject:message-id:mime-version
 :content-disposition:user-agent;
 bh=HNg75qs1c01gxEJge3vzxzOiXbORWDgVokWrRznUUuw=;
 b=F9GP7PZNq5cs9L5Qru6x6LRhE7oIAXXI3qxMCic23ux0PwNIQSjjdK0SnAbSJndBSK
 2IUd7WWksV9FIm/3w9PNdanieziYJMJvyuoGuYh3isyisvp5th6YaB+2hJ7PVCrStlMS
 mrmYeVrBeM9gQAXRB8lkYbgOct5bMirzHUppRda0adBmYILSD8526b9rkO+VGAel9Lzr
 pFrpcjfVbUlZKsBURz9L6CpiOxFfaR9j6feLuth767LASWtswZMq0BGZlUP8Z0Qbl7KQ
 gL1+YdftIXpSZtTsvcjlRY85L6AexHk5i0F/yI7U7DETzM9b9Ka61KzzksmnWHI+iUGy
 ZBGA==
X-Gm-Message-State: APt69E0MgTQLIrpUQeLQO6ym00OgEIwTzO/VssL1VV2zJlIIutMEQ8UM
 xRleLrMdArkK+Rv6kW/OI68LxiUVDw==
X-Google-Smtp-Source: ADUXVKKzuVJq+sHKqIwslyU1rIAOzJY2jdl1cJgCFm4tp/FjoKpXEmTXpdT8MiEDcpjUWmJbjmooeA==
X-Received: by 2002:a37:2455:: with SMTP id
 w82-v6mr6280203qkg.165.1528924367519; 
 Wed, 13 Jun 2018 14:12:47 -0700 (PDT)
Received: from gmail.com ([2607:fc50:0:7900:0:dead:beef:cafe])
 by smtp.gmail.com with ESMTPSA id o66-v6sm2987762qki.93.2018.06.13.14.12.46
 for <freebsd-security@freebsd.org>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 13 Jun 2018 14:12:46 -0700 (PDT)
Date: Wed, 13 Jun 2018 14:12:45 -0700
From: Gordon Tetlow <gordon@tetlows.org>
To: freebsd-security@freebsd.org
Subject: Lazy FPU State Restore
Message-ID: <20180613211245.GC22782@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="vOmOzSkFvhd7u8Ms"
Content-Disposition: inline
User-Agent: Mutt/1.10.0 (2018-05-17)
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jun 2018 21:12:48 -0000


--vOmOzSkFvhd7u8Ms
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Dear FreeBSD community,

Intel has recently announced a side-channel information disclosure via
floating point unit (FPU) context switch. This issue has been assigned
CVE-2018-3665. It is our understanding this issue affects a subset of
Intel processors. More information is available directly from Intel:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html

We have addressed this issue with a recent commit to 12-CURRENT for
the 64-bit x86 architecture (FreeBSD/amd64):
https://svnweb.freebsd.org/changeset/base/335072

Further commits will be forthcoming for stable branches along with an
additional patch to remediate this issue for i386. We also intend to
merge this to the currently supported releases and will issue an update
in the near future.

FreeBSD Security Team

--vOmOzSkFvhd7u8Ms
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQGTBAABCgB9FiEEuyjUCzYO7pNq7RVv5fe8y6O93fgFAlshiM1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEJC
MjhENDBCMzYwRUVFOTM2QUVEMTU2RkU1RjdCQ0NCQTNCRERERjgACgkQ5fe8y6O9
3fgc9gf/bQGvaN5lbd1l15bo5Ditc+evD2V3J51yDDy8G8HUuzdt57U96YCaoNmd
Snlx3nlpZ3IGKD3WL6zklO56R3/m8ASgleXFPqMveHNzzPWSc71Dn0LEWKWF3HAh
7IcHMu7zXkr4TXK/t313002LVQGbsrUq4JkaH6b19HJJVu1odgD5iDZJMchyGkoq
lRtQAKzMA2cQi3k1B4Ni/VtZYr3Q5I6IMZwHza7jWQCqQ3Q9HOvhLj3bQkULDyo0
6JQLBzkt+FZuKoFhgRpQW53P1x2M+G3mVaZFltDPNY1rCQimTUs3PXniIl1OEO4H
ftnaPPIJIK9VpJPFPjwC3ZjnKy8+Ug==
=ZKw1
-----END PGP SIGNATURE-----

--vOmOzSkFvhd7u8Ms--