Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768

Related Vulnerabilities: CVE-2020-10766   CVE-2020-10767   CVE-2020-10768   CVE-2018-3639  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Monsieur Francis Perron &lt;francisp () google com&gt;

Date: Wed, 10 Jun 2020 19:55:44 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
On Wed, Jun 10, 2020 at 01:44:27PM +0200, Greg KH wrote:
On Wed, Jun 10, 2020 at 09:21:03PM +1000, Wade Mealing wrote:
A number of flaws were discussed in the registers article this morning
( https://www.theregister.com/2020/06/09/linux_kernel_bugs_spectre )
which have been submitted for inclusion upstream already.

Listed below are the CVE's that Red Hat has assigned.  As far as I can
tell there are no existing  CVE assignments for these flaws. I have
not done adequate investigation to correctly identify affected
versions of the kernel, however this is a flaw in the fix for
CVE-2018-3639, affected systems would likely be affected by the flaws
listed below if they required the fix.

Did you ask the authors of the patches?  I think they might have already
assigned CVEs from Google's pool, based on previous interactions with
those developers...

We (Google) did not assign CVEs to this work Anthony did.

Wade -
  Did you already request MITRE to look into it? If not, let me know and
we can see to it with the kernel folks. You are correct that fixing an
incomplete fix is within the scope of getting new numbers.

Thank you,

-- 
Francis Perron
  Vulnerability Coordination @ Google inc.

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Monsieur Francis Perron (Jun 10)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started