Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 Jul 2012 08:31:59 -0400
From:      John Baldwin <jhb@freebsd.org>
To:        freebsd-hackers@freebsd.org
Cc:        Bill Crisp <bcrisp@crispernetworks.com>
Subject:   Re: CVE-2012-0217 Intel's sysret Kernel Privilege Escalation and FreeBSD 6.2/6.3
Message-ID:  <201207130831.59211.jhb@freebsd.org>
In-Reply-To: <CAOmNS514kLwq=MpGbwL324MQGQYrCAgM9ByaocRujjG1M55%2BTg@mail.gmail.com>
References:  <CAOmNS514kLwq=MpGbwL324MQGQYrCAgM9ByaocRujjG1M55%2BTg@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday, July 12, 2012 12:36:07 pm Bill Crisp wrote:
> Good Morning!
> 
> This was also posted to the FreeBSD forums:
> 
> I have been researching CVE-2012-0217 and while I have patched the kernels
> on servers with 7.3/8.2 that I have, I would like to see if anyone knows
> for sure if 6.2/6.3 are also vulnerable? I am aware that those kernels are
> out of support from looking at the documentation. I have looked at the code
> in trap.c to see if the current patch would work with 6.3 source but it
> won't based on what I saw. I am also aware of upgrading as an option to
> resolve this unfortunately in some cases I have this is not possible right
> now.
> 
> Any help would be greatly appreciated, and I can of course test anything
> that might need it.

Every FreeBSD/amd64 kernel in existent is vulnerable.  In truth, my personal 
opinion is that Intel screwed up their implementation of that instruction 
whereas AMD got it right, and we are merely working around Intel's CPU bug. :(

-- 
John Baldwin



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201207130831.59211.jhb>