Security-Announce archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]


A quick note to inform you that NetBSD is not affected by CVE-2018-8897.

Microsoft shared the vulnerability details with us a month in advance.

NetBSD-7, and all the previous releases, didn't have support for debug
registers. So they have never been affected.

Support for debug registers was introduced in NetBSD-current and NetBSD-8.
Upon getting the vulnerability details, we disabled this support by
default with a privileged sysctl.

NetBSD-8 will be released with debug registers disabled by default,
therefore it won't be affected by CVE-2018-8897.

A real fix for the issue has been committed in NetBSD-current.

We would like to thank Microsoft for sharing the vulnerability details
with us.


Home | Main Index | Thread Index | Old Index