Date: Fri, 9 Mar 2018 13:57:46 +1100 From: Kubilay Kocak <koobs@FreeBSD.org> To: Ed Maste <emaste@freebsd.org>, FreeBSD Security Team <secteam@freebsd.org> Cc: Tycho Nightingale <tychon@freebsd.org>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers <src-committers@freebsd.org> Subject: Re: svn commit: r328011 - in head/sys/amd64/vmm: amd intel Message-ID: <b7dd2d8c-55de-a1ef-2335-78d76e9787af@FreeBSD.org> In-Reply-To: <CAPyFy2BWYy8T1vbsLemxYKf4sqHhQu9YZ1iAJicweQLeGNk16w@mail.gmail.com> References: <201801151837.w0FIb3R7098459@repo.freebsd.org> <CAPyFy2BWYy8T1vbsLemxYKf4sqHhQu9YZ1iAJicweQLeGNk16w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/03/2018 8:57 am, Ed Maste wrote: > On 15 January 2018 at 13:37, Tycho Nightingale <tychon@freebsd.org> wrote: >> Author: tychon >> Date: Mon Jan 15 18:37:03 2018 >> New Revision: 328011 >> URL: https://svnweb.freebsd.org/changeset/base/328011 >> >> Log: >> Provide some mitigation against CVE-2017-5715 by clearing registers >> upon returning from the guest which aren't immediately clobbered by >> the host. This eradicates any remaining guest contents limiting their >> usefulness in an exploit gadget. > > Will you MFC this to stable/11? Mitigations and related MFC's and SA's, etc for vulnerabilities, are presumably all being coordinated and handled by secteam, with associated (explicit) messaging when fixes don't apply to particular branches/versions, no?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b7dd2d8c-55de-a1ef-2335-78d76e9787af>