Mailinglist Archive: opensuse-virtual (17 mails)

< Previous Next >
Re: [opensuse-virtual] How to correctly configure mitigation of CVE-2018-3646 'Foreshadow-NG (VMM)' on Xen Dom0 host?
On Mon, 2019-04-15 at 10:12 -0700, Tony Su wrote:
Have a Q.
Found the following artic which although is for a different CVS
vulnerability more generally describes ways to read proc settings
directly to verify mitigations installed

https://www.suse.com/support/kb/doc/?add=&id=7022937&title=Security+Vulnerability:+Spectre+Variant+4+(Speculative+Store+Bypass)+aka+CVE-2018-3639.

Was wondering whether there is an article similar to the one
referenced by "@PGnet Dev" that's a good jumping off point for other
virtualization, specifically KVM?

I'm not sure I have understood what you are after.

Each one of these things being --although all somewhat related--
different vulnerabilities, came out at different times, each has its
own piece of documentation (or, often, more than one!).

L1TF is the one which, it can be stated, is the most related to
virtualization, and SUSE docs for it is here (not sure this was liked
already):

https://www.suse.com/support/kb/doc/?id=7023077

The most authoritative source of info for KVM would be, IMO, the kernel
documentation:
https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html

For Xen, I personally think the XSA is particularly well done:
https://xenbits.xen.org/xsa/advisory-273.html

But again, I'm not sure it was things like these you were actually
looking for...

Regards
--
Dario Faggioli, Ph.D
http://about.me/dario.faggioli
Virtualization Software Engineer
SUSE Labs, SUSE https://www.suse.com/
-------------------------------------------------------------------
<<This happens because _I_ choose it to happen!>> (Raistlin Majere)

< Previous Next >
List Navigation
Follow Ups