Subject: | |
From: | |
Reply To: | |
Date: | Tue, 26 Jun 2018 22:02:56 +0100 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On Tue, 26 Jun 2018, Mike Ely wrote:
> It's been a while since that was released (at least for Centos7) and I'm
> wondering if there's a plan to release this for SL6 as well.
Basically, for RHEL/CentOS/SL 7 there is a simple fix, but for
RHEL/CentOS/SL 6, Red hat will have to back-port some functionality.
https://access.redhat.com/solutions/3485131 says:
RHEL-7 Mitigation
RHEL-7 defaults to (safe) "eager" floating point register restore
on Sandy Bridge and newer Intel processors, so is not affected.
AMD processors are not affected.
You can mitigate this issue on older processors by booting the kernel
with the eagerfpu=on parameter to enable eager FPU restore mode.
In this mode FPU state is saved and restored for every task/context
switch regardless of whether the current process invokes FPU
instructions or not.
The parameter does not affect performance negatively,
and can be applied without adverse effects to processors
that are not affected.
RHEL 6 and earlier are impacted by this CVE and do not provide
the eagerfpu parameter. Red Hat will be releasing updates
which will change the behavior.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-3665
currently depends upon six other open bugs, but I don't
have access to see whether they cover RHEL6.
--
Andrew C. Aitchison Cambridge, UK
[log in to unmask]
|
|
|