CentOS virt - Jan 2018 - CentOS-virt - Kernel Side-Channel Attacks

Please patch the CentOS-virt Kernel to fix the
Kernel Side-Channel Attacks vulnerabilities.

The latest CentOS-virt kernel was released in November, as seen below.

kernel-4.9.63-29.el7.x86_64.rpm	2017-11-21 13:30

https://access.redhat.com/security/vulnerabilities/speculativeexecution
http://mirror.centos.org/centos/7/virt/x86_64/xen/

On Thu, Jan 4, 2018 at 9:51 AM, <rikske at deds.nl> wrote:
> Please patch the CentOS-virt Kernel to fix the
> Kernel Side-Channel Attacks vulnerabilities.
>
> The latest CentOS-virt kernel was released in November, as seen below.
>
> kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30
>
> https://access.redhat.com/security/vulnerabilities/speculativeexecution
> http://mirror.centos.org/centos/7/virt/x86_64/xen/
>
?As far as I can see, the patches for ?
KAISER (Kernel Address
? ?Isolation to have Side-channels Efficiently Removed) will appear in
kernel 4.9.75. Looks like it will be released soon upstream (kernel.org).

Akemi
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.centos.org/pipermail/centos-virt/attachments/20180104/05094726/attachment.html>

On 01/04/2018 10:49 AM, Akemi Yagi wrote:
> On Thu, Jan 4, 2018 at 9:51 AM, <rikske at deds.nl> wrote:
> 
>> Please patch the CentOS-virt Kernel to fix the
>> Kernel Side-Channel Attacks vulnerabilities.
>>
>> The latest CentOS-virt kernel was released in November, as seen below.
>>
>> kernel-4.9.63-29.el7.x86_64.rpm 2017-11-21 13:30
>>
>> https://access.redhat.com/security/vulnerabilities/speculativeexecution
>> http://mirror.centos.org/centos/7/virt/x86_64/xen/
>>
> 
> ?As far as I can see, the patches for ?
> KAISER (Kernel Address
> ? ?Isolation to have Side-channels Efficiently Removed) will appear in
> kernel 4.9.75. Looks like it will be released soon upstream (kernel.org).
> 
To my best knowledge KAISER doesn't matter for Xen Dom0's given they run
in PV mode, and KAISER isn't enabled for PV guests.