Update version of MDS advisory
Approved by: so
This commit is contained in:
parent
392ca504c5
commit
a92dbc5e1c
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=53029
1 changed files with 31 additions and 18 deletions
|
@ -24,6 +24,13 @@ For general information regarding FreeBSD Security Advisories,
|
|||
including descriptions of the fields above, security branches, and the
|
||||
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
||||
|
||||
0. Revision history
|
||||
|
||||
v1.0 2019-05-14 Initial release.
|
||||
v1.1 2019-05-15 Fixed date on microcode update package.
|
||||
v1.2 2019-05-15 Userland startup microcode update details added.
|
||||
Add language specifying which manufacturers is affected.
|
||||
|
||||
I. Background
|
||||
|
||||
Modern processors make use of speculative execution, an optimization
|
||||
|
@ -45,11 +52,14 @@ IV. Workaround
|
|||
|
||||
No workaround is available.
|
||||
|
||||
Only Intel x86 based processors are affected. x86 processors from other
|
||||
manufacturers (eg, AMD) are not believed to be vulnerable.
|
||||
|
||||
Systems with users or processors in different trust domains should disable
|
||||
Hyper-Threading by setting the machdep.hyperthreading_allowed tunable to 0:
|
||||
|
||||
# echo 'machdep.hyperthreading_allowed=0 >> /boot/loader.conf'
|
||||
# shutdown
|
||||
# shutdown -r +10min "Security update"
|
||||
|
||||
V. Solution
|
||||
|
||||
|
@ -63,14 +73,17 @@ New CPU microcode may be available in a BIOS update from your system vendor,
|
|||
or by installing the devcpu-data package or sysutils/devcpu-data port.
|
||||
Ensure that the BIOS update or devcpu-data package is dated after 2019-05-14.
|
||||
|
||||
If using the package or port the microcode update can be applied at boot time
|
||||
by adding the following lines to the system's /boot/loader.conf:
|
||||
If using the package or port the Intel microcode update can be applied at
|
||||
boot time (only on FreeBSD 12 and later) by adding the following lines to the
|
||||
system's /boot/loader.conf:
|
||||
|
||||
cpu_microcode_load="YES"
|
||||
cpu_microcode_name="/boot/firmware/intel-ucode.bin"
|
||||
|
||||
Microcode updates can also be applied while the system is running. See
|
||||
cpucontrol(8) for details.
|
||||
To automatically load microcode during userland startup (supported on all
|
||||
FreeBSD versions), add the following to /etc/rc.conf:
|
||||
|
||||
microcode_update_enable="YES"
|
||||
|
||||
1) To update your vulnerable system via a binary patch:
|
||||
|
||||
|
@ -180,19 +193,19 @@ The latest revision of this advisory is available at
|
|||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:07.mds.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzcFgRfFIAAAAAALgAo
|
||||
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlzcU9dfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
||||
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
||||
5cLmcw//cAwFw1SkYL3uFd0nTTnIltrzwTkMkxAFRjsxN5XxOJDEVJfygFHzlFhr
|
||||
TxiFRN+QdE5NQt7HWDB7d1BXnmnIRiL6dqrrL+odPNeh9Wsh3Ft6NUxn8I6/wC4g
|
||||
O77VYLj5OdhYT6D9PnbIucDBSdNH555Tfmz0eTDY24iVmWw7c1GfYozpl1cEk/Bh
|
||||
+jgMH5rQZ30v7dKANGTeF0pQeAZaK9NZBWb86NlSy+FYyDu7KS1oEms4hGdQosYU
|
||||
ZEBVV4uxBVFx3RRQuZM3z/+M9GrpliyHKGmNBX97u975oQ1k66pK6r1lxp+odVoa
|
||||
UO0YROQ/pepOVmutNHz+8Y953qLaaolNwy+SxpqkEDhjlD6sbwV+ErqbfoCuEnsb
|
||||
N0a7t52VEqkd3Cnivrd6dJpGtNsYPhruSXIXjRrKhI1fOnJbC/cw1as7WwXx5TdM
|
||||
471ErTqZuNAcwAUT7Ve7kxNpWk+Lii2lprf+YfrZRk7pqcgmiMurIBAcKys7Skb/
|
||||
dCGMckAU9hiUZMmiNuxV33m233zmRB7otHnHSXmmm9/SKCGeUw/OSKugtHGQ/6gJ
|
||||
2ZQkWCPrL71CRwMzBRtwSCvG6YfTYIZ1gw48r2JzUGg11Urj2pXqRlYGNT7YGHGF
|
||||
EOKQqSsU9I4CBfI9munJkNJI+Fpghnjpx2lK5w3rbcnkJI9CDzc=
|
||||
=jH3H
|
||||
5cKG7Q//XEf1kFc8JABZtSQT5XEP+J/CKMF+W+CqVmV6vLNimOeWVaw5BBWbtbhI
|
||||
7BENuQRw2NcUbwrhwR+KYKWUN0rF0VQOk+m8JMYQxTu1WQfI9J8HDTXjmp1mfrx4
|
||||
CbEjHuHCvGjezdURR0GIfAfkMjfDUEPEq05svPrEFIh2s4QagF7V2gunwNgprXJV
|
||||
ZzlA2IEUCx2KFbgbPjIJDY7ED0/VXrNeZU9G4R4t9+QSD2r21cF4kax8DLi5Rtz4
|
||||
ducXhT5dG+reZXye6c+eryJvjBPEwI9zHth0xLMGHDJUeLAOUkZpNsciuEeNu96O
|
||||
1EkGqYBKpJGcvsYBnYM0mD2Z23khqxEHWArIluJeVkdezlvREB42nLHQ9oin3opH
|
||||
ojdh57lkppQqVZ9GTHqQLRVbawiC7oNNWzoYq+ANSReqiIkpPCC3z3NsGDo1oYLK
|
||||
suMOAtxwPe6qq2Q9voN5lgHNR5w/x2uKxdYx8G8C40ynoFb1W1dQNdGVtmfRpvO5
|
||||
lvZGWNsmxWBrlYlm8onpulw1WsPgOp9TmhIAO1IZHVhgsaoF9i1hu/BumOTjiQo0
|
||||
Md4IiGAdPkU7nC3MjDm9jsD+bC6GaXwXkyryi1bpNE2feXVg4lvznyah2wQR2VVq
|
||||
+R3H0+iTHCOS9fEvWWpRIZWL2AfU78O+c/go9ZqqQvGAxVR/UwM=
|
||||
=pDA1
|
||||
-----END PGP SIGNATURE-----
|
||||
|
|
Loading…
Reference in a new issue