Category: core
Module: kernel
Announced: 2018-06-21
Credits: Julian Stecklina from Amazon Germany
Thomas Prescher from Cyberus Technology GmbH
Zdenek Sojka from SYSGO AG
Colin Percival
Affects: All supported version of FreeBSD.
Corrected: 2018-06-14 18:50:49 UTC (stable/11, 11.2-PRERELEASE)
2018-06-15 13:21:37 UTC (releng/11.2, 11.2-RC3)
2018-06-21 05:17:13 UTC (releng/11.1, 11.1-RELEASE-p11)
CVE Name: CVE-2018-3665
Special Note: This advisory only addresses this issue for FreeBSD 11.x on
i386 and amd64. We expect to update this advisory to include
10.x in the near future.
"Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present. [...] No workaround is available, but non-Intel branded CPUs are not believed to be vulnerable. [...] The patch changes from Lazy FPU state restore to Eager FPU state restore. This new technique is the recommended practice from Intel and in some cases can actually increase performance, depending on workload."
A bejelentés itt olvasható.