stable

libvirt-5.1.0-5.fc30 and qemu-3.1.0-8.fc30

FEDORA-2019-f910d35647 created by berrange 5 years ago for Fedora 30

Define md-clear CPUID bit.

Assuming an updated host kernel and microcode, the md-clear bit will be automatically exposed to guests using the QEMU "-cpu host" arg, or libvirt "host-model" or "host-passthrough" configurations.

Guests using a named CPU model it must be manually updated to add this extra CPU feature.

Resolves CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2019-f910d35647

This update has been submitted for testing by berrange.

5 years ago

berrange edited this update.

5 years ago

This update has been pushed to testing.

5 years ago
User Icon atim provided feedback 5 years ago
karma
User Icon frantisekz commented & provided feedback 5 years ago
karma

Works fine, md-clear is propagated within VM.

This update has been submitted for batched by berrange.

5 years ago

This update has been submitted for stable by berrange.

5 years ago

This update has been pushed to stable.

5 years ago
User Icon vinumoses provided feedback 5 years ago
karma
User Icon vinumoses provided feedback 5 years ago
karma

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
5 years ago
in testing
5 years ago
in stable
5 years ago
modified
5 years ago
BZ#1646781 CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
0
0
BZ#1646784 CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
0
0
BZ#1667782 CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
0
0
BZ#1705312 CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
0
0
BZ#1709977 CVE-2018-12126 libvirt: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
0
0
BZ#1709979 CVE-2018-12127 libvirt: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
0
0
BZ#1709984 CVE-2019-11091 libvirt: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
0
0
BZ#1709997 CVE-2018-12130 libvirt: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
0
0
BZ#1710002 CVE-2018-12126 qemu: hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) [fedora-all]
0
0
BZ#1710003 CVE-2018-12130 qemu: hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) [fedora-all]
0
0
BZ#1710004 CVE-2018-12127 qemu: hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) [fedora-all]
0
0
BZ#1710006 CVE-2019-11091 qemu: hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [fedora-all]
0
0

Automated Test Results